
Search results should only suggest related labels that contain content visible to user


      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      This request has come from a customer's post on the Atlassian Confluence Forum:

      In our Confluence installation we have several spaces with restricted access.
      So when a user with restricted access searches, he will also get a list of labels from other spaces where he has no access.
      This is very irritating, since we like to search with related labels, but we can't use this because we see labels from spaces where we don't have access.
      

            [AI-840] Search results should only suggest related labels that contain content visible to user

            BillA added a comment -

            This feature will be removed in 5.2 as it provides no perceived value.


            Piergiuliano Bossi added a comment -

            More details to take care of:

            1. Global labels are accessible from Search
            2. Labels can be browsed through links like <yoursite>/labels/listlabels-heatmap.action
            3. Individual labels are accessible through links like <yoursite>/label/<label name>
            4. Individual labels can be scanned by IDs as well through links like <yoursite>/users/viewmylabels.action?labelId=41255007 (you understand and see the structure of the link after having created a personal label)
            5. Popular labels pane seems to show labels from other spaces as well

            Are labels from another space visible in the suggestions shown when you're adding labels to a page as well?

            Piergiuliano Bossi added a comment -

            We use labels to name customers and projects. In our case this issue constitutes a violation of data confidentiality when multiple customers are allowed to access the data. For example, we had to roll back the deployment of a knowledge base to a customer exactly for this reason.

            In our mind this is clearly a security issue.

            Andree Kupka added a comment -

            Hello,

            it is both - it is a security issue and it is a relevance issue. In our installation it is at the moment more a relevance issue, but it could become a security issue when users from one space create a label for a "top secret" project and all users in other spaces can see the new "top secret" label.

            By
            Andree

            Don Willis added a comment -

            Hi Derek and Thomas,

            Certainly Andree's original forum posting led me to believe that he was concerned about security, as you two are, but he was actually concerned about search relevance, and that is what this issue is about. If you believe there is a security problem in allowing all users to see all global labels, then please create a separate issue.

            Cheers,
            Don

            Thomas Seidel added a comment -

            One of our customers pointed out a similar problem: With anonymous access, appending the path

            /labels/listlabels-alphaview.action

            to the Confluence host name reveals all labels which are defined on the particular Confluence instance. It's also possible to see the labels of pages restricted to logged-in users only. You may try to take a look at this: http://confluence.atlassian.com/labels/listlabels-alphaview.action

            This is a security flaw and should be fixed.

            Elizabeth Wimmer added a comment -

            I'd say it can be an issue of security. Say Amy is a client restricted to the Fruit Development space. Bob is restricted to Vegetables Development. Amy adds a label to a page like 'new-super-tomato'. Bob can learn that someone has labeled a page with 'new-super-tomato' because suddenly it is showing up in searches and in the globally popular labels. Or say in the Accounting space someone creates a 'layoffs' label. Now everyone in the company freaks out because it starts showing up as a label.
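
The scenario in the comment above, as an added example (not part of the original thread and not Confluence's code): a minimal model in which related-label suggestions and the popular-labels count are computed only from pages the requesting user can view. The `Page` class, the space keys, the user names and all function names are hypothetical, and the sample data is constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Page:
    title: str
    space: str
    labels: frozenset
    restricted_to: frozenset = frozenset()  # empty = no page-level restriction

# Constructed sample data modelled on the Amy/Bob scenario in the thread.
SPACE_VIEWERS = {"FRUIT": {"amy"}, "VEG": {"bob"}, "ACCOUNTING": {"carol"}}
PAGES = [
    Page("Tomato trial", "FRUIT", frozenset({"tomato", "new-super-tomato"})),
    Page("Tomato soup", "VEG", frozenset({"tomato", "recipes"})),
    Page("Carrot yields", "VEG", frozenset({"recipes", "carrot"})),
    Page("Q3 plan", "ACCOUNTING", frozenset({"layoffs"}), frozenset({"carol"})),
]

def can_view(user, page):
    """Space permission first, then any page-level restriction."""
    if user not in SPACE_VIEWERS.get(page.space, set()):
        return False
    return not page.restricted_to or user in page.restricted_to

def related_labels_unfiltered(label):
    """The leaky behaviour: co-occurring labels gathered from every page."""
    found = set()
    for p in PAGES:
        if label in p.labels:
            found |= p.labels - {label}
    return sorted(found)

def related_labels(user, label):
    """Suggest only labels that sit on at least one page the user can view."""
    found = set()
    for p in PAGES:
        if label in p.labels and can_view(user, p):
            found |= p.labels - {label}
    return sorted(found)

def popular_labels(user, top=10):
    """Count labels over visible pages only, so the counts do not leak either."""
    counts = Counter(l for p in PAGES if can_view(user, p) for l in p.labels)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:top]
```

The same `can_view` check has to sit behind every path that enumerates labels (search suggestions, label listings, lookups by label ID), otherwise the filtered search can be bypassed through one of the other views.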

            Andree Kupka added a comment -

            Hello,

            Yes, that's a much better summary.

            Best regards
            Andree

            Don Willis added a comment -

            Ahh, so the problem isn't one of security, just of being prompted to search for things that cannot be seen. I think a better summary would be

            "Search results should only suggest related labels that contain content visible to user."

            Do you agree?


            Andree Kupka added a comment -

            Hello,

            thanks for your response. I will try to explain our problem. We have at the moment 3 spaces for 3 different departments. The users belong only to one department and see news and pages only from this department's space. When a page in department 1 has a label "apple" and somebody from department 2 searches for apple, he will find that there is a label "apple" but he has no permission to read this page.
            This is very irritating since we like to search with related labels. Is there no way to restrict the search so that the search result will also show only the labels from the spaces the user has permissions to?

            Best regards
            Andree

              Unassigned
              mhodges Matt
              Votes: 10
              Watchers: 8