Group Name Guessing Disclosure Policy
Max Kanat-Alexander
mkanat at bugzilla.org
Wed Jul 21 00:27:24 UTC 2010
On 07/20/2010 05:17 PM, Gervase Markham wrote:
> I'm normally the last one to suggest this, but: could we have an admin
> pref "Group names are secret"? Have it on, and you have to deal with
> vague error messages and the possibility that a typo will accidentally
> reveal a bug. Have it off, and, well, your group names aren't secret.
We could, but that would add even *more* code complexity. Then we'd
have to implement alternate code for both cases in every single place
that we check the existence of a group in Bugzilla.
-Max
--
http://www.everythingsolved.com/
Competent, Friendly Bugzilla and Perl Services. Everything Else, too.
More information about the developers
mailing list