Group Name Guessing Disclosure Policy
Max Kanat-Alexander
mkanat at bugzilla.org
Mon Jul 19 23:09:15 UTC 2010
On 07/19/2010 04:05 PM, Frédéric Buclin wrote:
> we can also check the
> visibility of a group from a central way, say $user->can_see_group().
No, we can't--that's what I'm saying. The code to do that would be too
complex, and would probably perform badly as well. There are numerous
different situations under which a user is allowed to see a group's name.
-Max
--
http://www.everythingsolved.com/
Competent, Friendly Bugzilla and Perl Services. Everything Else, too.
More information about the developers
mailing list