Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-10932

publically available usernames are a security risk

    XMLWordPrintable

Details

    Description

      The login username of users is revealed all over the place (in URLs that link to user profile, or user's list of assigned open bugs etc).

      This seems to be a big security risk, because you have given away half of the user identification to strangers.

      Anybody can look up a user in the issue tracker and find out what username they have (possibly on an external system, LDAP or otherwise).

      Instead, you should be using an internal userid for these links.

      Attachments

        Issue Links

          relates to

          Suggestion - JRASERVER-1549 Ability to rename a user

          • Closed

          Activity

            People

              Unassigned Unassigned
              4c21ae0efceb Martin Martin
              Votes:
              4 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: