-
Type:
Bug
-
Resolution: Duplicate
-
Priority:
Medium
-
None
-
Affects Version/s: 3.2.1
-
Component/s: None
We have a Confluence site and noticed the following. When a user uses their email address as their username, that email address will then be exposed in certain links. An example would be the 'View User Profile' link:
https://www.<DOMAIN>/confluence/users/viewuserprofile.action?username=<FULL EMAIL ADDRESS>
The email address of the user is hidden in the page, but what good is it if the username (email address) is visible in the URL itself?
I do understand that users do not have to use their email address as a username, but why would Atlassian provide a 'Same as email' button when users sign up given this possibility?
Please address this issue and let me know what will be done to resolve this.
Thanks,
– Jason
- duplicates
-
CONFSERVER-7062 Spam/privacy risk from using email as username on public instances should be empahsised
- Closed
- is blocked by
-
- Closed
