#1890: Can create tickets anonymously using the username of an authenticated
user
----------------------------------------+-----------------------------------
Reporter: [EMAIL PROTECTED] | Owner: cmlenz
Type: defect | Status: assigned
Priority: normal | Milestone: 0.10
Component: general | Version: 0.8.4
Severity: normal | Resolution:
Keywords: |
----------------------------------------+-----------------------------------
Comment (by cboos):
What about a kind of flag saying that the user is authenticated or not.
For example, when recording an author (wiki edits, ticket comments),
we store the user name enclosed in parenthesis if the session is not
authenticated.
The "forged" comment:3 would then read ''Modified by (mgood)''.
It could then be clear for everyone that it's either `mgood`
(but not authenticated) or someone pretending to be him (as it was
the case, for demonstration purpose).
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/1890>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets
