Confluence Server: CONFSERVER-13276

Restrict anonymous users from viewing user profiles.

Description

Even if I start Confluence with -Dconfluence.disable.peopledirectory.anonymous=true, it is still possible to browse individual users by visiting a URL like https://[wikiBaseUrl]/display/~[accountName].

This is a major security problem for us because it exposes:
1. The user's name
2. The user's ID
3. The user's email address

Evidence of the data leakage can be found by searching Google on the account name of people in the People Directory.

Because of this problem, we had to disable all anonymous access to our system, and I am dealing with fallout from reduced institutional confidence in Atlassian Confluence.

"Best security practices" should require that this information not be made available anonymously without a sysadmin override.

Also, it should be easier for administrators to restrict access than by hacking the registry (for Windows Service-based installs) or modifying setenv.bat.

I set priority to "critical" because:
A. This has negatively impacted our use of Atlassian. I had to disable anonymous view privileges on wiki spaces that we needed to be exposed to the world (like our Help Desk wiki space).
B. This is a security hole.
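The following is an added self-check for administrators, not code from the reporter or from Atlassian: it fetches the profile URL pattern named in the report for one known account on your own instance without any credentials and reports whether the page renders anonymously. The assumed markers are that Confluence bounces anonymous users to a login page containing an `os_username` field; both are assumptions, not a documented contract.

```python
# Added example: verify whether an anonymous client can render /display/~<account>
# on a Confluence instance you administer. Run it before and after changing the
# anonymous-access configuration to confirm the restriction actually took effect.
import sys
import urllib.error
import urllib.parse
import urllib.request

LOGIN_FIELD = "os_username"  # assumed marker of the Confluence login form


def classify(status, location, body):
    """Classify an unauthenticated response to a user profile URL.

    "restricted": 401/403, a redirect whose target mentions login, or a 200 that
    is actually the login form. "exposed": a 200 without the login form, i.e. the
    profile rendered for an anonymous client. Anything else is "unknown".
    """
    if status in (401, 403):
        return "restricted"
    if status in (301, 302, 303, 307, 308):
        return "restricted" if "login" in (location or "").lower() else "unknown"
    if status == 200:
        return "restricted" if LOGIN_FIELD in body else "exposed"
    return "unknown"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Refuse to follow redirects so a login bounce stays visible as a 3xx.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def check_profile(base_url, account, timeout=10):
    """Fetch the profile page anonymously and classify the response."""
    url = f"{base_url.rstrip('/')}/display/~{urllib.parse.quote(account)}"
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "profile-exposure-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            status, location = resp.status, resp.headers.get("Location")
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx arrive here
        status, location = err.code, err.headers.get("Location")
        body = err.read().decode("utf-8", "replace")
    return classify(status, location, body)


if __name__ == "__main__":
    # usage: python check.py https://wiki.example.org someaccount
    print(check_profile(sys.argv[1], sys.argv[2]))
```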


People

Assignee: Paul Curren (pcurren)
Reporter: Aren Cambre (acambre@smu.edu)
Votes: 7
Watchers: 7
