Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-20157

Email address exposure even when the user specifies they want their email address hidden

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Medium
    • None
    • 3.2.1
    • None

    Description

      We have a Confluence site and noticed the following. When a user uses their email address as their username, that email address will then be exposed in certain links. An example would be the 'View User Profile' link:

      https://www.<DOMAIN>/confluence/users/viewuserprofile.action?username=<FULL EMAIL ADDRESS>

      The email address of the user is hidden in the page, but what good is it if the username (email address) is visible in the URL itself?

      I do understand that users do not have to use their email address as a username, but why would Atlassian provide a 'Same as email' button when users sign up given this possibility?

      Please address this issue and let me know what will be done to resolve this.

      Thanks,
      – Jason

      Attachments

        Issue Links

          duplicates

          Suggestion - CONFSERVER-7062 Spam/privacy risk from using email as username on public instances should be empahsised

          • Closed
          is blocked by

          Suggestion - CONFSERVER-4063 Change usernames

          • Closed

          Activity

            People

              Unassigned Unassigned
              4bd9db66756a Jason
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: