  1. Jira Server and Data Center
  2. JRASERVER-10932

publicly available usernames are a security risk

    Details

      Description

      The login username of users is revealed all over the place (in URLs that link to the user profile, or the user's list of assigned open bugs, etc.).

      This seems to be a big security risk, because you have given away half of the user identification to strangers.

      Anybody can look up a user in the issue tracker and find out what username they have (possibly on an external system, LDAP or otherwise).

      Instead, you should be using an internal userid for these links.

              People

              • Assignee:
                Unassigned
                Reporter:
                moodler Martin Martin
              • Votes:
                4
                Watchers:
                3
