Project

General

Profile

Actions

Defect #34593

open

privacy problem on users info

Added by Fabrizio Sebastiani about 3 years ago. Updated about 3 years ago.

Status:
Needs feedback
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

If a logged-is user start to access cyclically to urls likes this:

 https://example.com/redmine/users/5
 https://example.com/redmine/users/6
 https://example.com/redmine/users/7
 ...

he/she will see get the full organization's useers, members, informations, accounts, email etc... This is a particular sensible information if organization needs to hide and protect membership information to all users.

This looks violation of privacy information. Also the organization cannot hide to any member this wide information. Looks a design lack.

Actions #1

Updated by Marius BĂLTEANU about 3 years ago

  • Status changed from New to Needs feedback

Can you access all those information using an user without permissions?

Actions #2

Updated by Michael Troester about 3 years ago

Marius BALTEANU wrote:

Can you access all those information using an user without permissions?

I can, from my (presumably) unprivileged acct. The 'hide email address' feature seems to work though. Maybe need to add more 'hide [data]' options for other sensitive data fields?

Actions #3

Updated by Marius BĂLTEANU about 3 years ago

Michael Troester wrote:

Marius BALTEANU wrote:

Can you access all those information using an user without permissions?

I can, from my (presumably) unprivileged acct. The 'hide email address' feature seems to work though. Maybe need to add more 'hide [data]' options for other sensitive data fields?

You already have the following settings:
1. Users visibility (All active users / Members of visible projects) at role level.
2. The "hide email address" already mentioned by you.
3. "Users display format" global setting to control how to show the user based on First name and Last name.

which covers all the users standard fields. If you want to be very strict about who have access to user's info, maybe you should review the setting from 1 for all roles.

Regarding more 'hide [data]', do you have custom fields for users? If yes, that make sense to have the same options to configure the custom field visibility as already exists for issues, spent time, versions or projects.

Actions

Also available in: Atom PDF