Violetta,
Why is it a security issue? If your privileges are allowing them to
go to a user "Preferences", then I understand, but to just know what
UserIds are on the system doesn't seem like a big deal to me.
Kenn
LBNL
On 6/18/2009 7:28 AM, Violetta J. Wawryk wrote:
> Hi,
>
> RT is 3.6.1 on a debian system
>
> we just found out that in the people section everyone who can login can
> search for people. So a person who has the following rights:
>
> CreateTicket
> ReplyToTicket
> SeeQueue
> ShowTicket
>
> can go to the people section and do a search like:
>
> userid doesn't contain xyz
>
> he gets all the users of the RT. Since this is a security issue, is
> there anything that I can do to prevent these searches?
>
> It might be disabled in a newer version, if so which would that be?
>
> A quick search on the list didn't give me an answer, therefore I have to
> ask this. Sorry if it's been on the list before.
>
> Quick help is really appreciated, thanks in advance!!!!
>
> Regards
> Violetta
>
>
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
