Redmine

This is a potential security risk too, imagine you have a private project with a custom field "client", sharing a query ID doesn't reveal it, if you share a link with all filters in the URL, someone might then get to know that ClientA is your client.

Felix Schäfer - I admit that might be relevant for some people (though Bugzilla still does it). Which is why I'm totally not asking for any functionality change - merely an additional piece. In fact, I'm not even asking for the default query URL to be changed : the query URL is simply displayed on the page and I can choose to copy and share it.

If I choose to share, then it is because the convenience of collaboration outweighs any risks.

In my case, it is little things like this that keeps us from moving a (largish) internal bug tracking+PM software to redmine.

Sandeep S wrote:

Felix Schäfer - I admit that might be relevant for some people (though Bugzilla still does it). Which is why I'm totally not asking for any functionality change - merely an additional piece. In fact, I'm not even asking for the default query URL to be changed : the query URL is simply displayed on the page and I can choose to copy and share it.

I didn't say I was against it, only that it should be kept in mind.

If I choose to share, then it is because the convenience of collaboration outweighs any risks.

That's fine if the choice is your's to make, I know of several large organizations though with very strict security requirements that disable some functionality in Redmine to be able to use it. As I said, I'm not against it, it's just something that has to be kept in mind.

I just wanted to void that this bug is one of the major sticking points for our company to switch from Bugzilla to Redmine. I'm working through the feature gap piece by piece but sharing URLs in emails and such is a very common practice for us.

If a URL to a shared search could be shared then that is probably adequate for us too however it does make it more difficult for my to template some pages on a separate intranet site that dynamic write URLs in order to provide specific searches. I assume that I could probably go about this a different way with Redmine but not entirely sure especially since our other intranet sites are all ASP.NET. I'm guessing this only leaves open the possibility of using some type of web service interface.

Another note is that we use the same URL feature from Bugzilla for sharing tabular reports on a regular basis. This is a real simple way for somebody doing some analysis to redirect people to a nice table showing bug numbers. I haven't yet started looking into how this could be done in Redmine but sharing a URL to these reports is just as important to us.

Etienne E - no this has not been fixed by the issue/fix you mentioned. (In fact I would argue that the correct fix for that feature would be this.)

Issue #1965 is related to queries being kept in session - and the fixes for that, which would make redmine tab safe.
Now, if there is a way to not keep queries in session (which also includes un-shareable saved queries) - it would really simplify everything ... including back button behavior AND fix this issue.

But, this bug here is much more limited/easier:

Redmine already generates queries similar to "http://www.redmine.org/projects/redmine/issues?set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=priority_id&op%5Bpriority_id%5D=%3D&v%5Bpriority_id%5D%5B%5D=4&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=updated_on&c%5B%5D=category&group_by=", which is then saved in the system as "http://www.redmine.org/projects/redmine/issues?query_id=2"

This bug is just about printing (maybe at the bottom of the query page) - the actual long URL for that query. This can then be copied and shared with anyone and there is no impact on sessions/back buttons, etc.