Group Name Guessing Disclosure Policy
Max Kanat-Alexander
mkanat at bugzilla.org
Wed Jul 21 23:26:09 UTC 2010
On 07/21/2010 10:16 AM, Gervase Markham wrote:
> Surely just in the error messages? If group names are secret, we use
> generic messages; if they are not, we use specific ones.
Yeah, that might be possible. I doubt anybody would turn off the
parameter, though, and it would have to be on by default, so that we can
ship secure.
> Or are there other areas of data leak?
To some degree, until I look over all of Bugzilla and am actually
implementing the resulting policy everywhere, it's hard to say. Also, if
we had such a parameter, I'm sure that future implementors would get
confused about how and when to apply it, just like they get confused
about what visibilitygroups and strict_isolation mean now. (Both of
those parameters are applied inconsistently and in different,
incompatible ways in different contexts.)
-Max
--
http://www.everythingsolved.com/
Competent, Friendly Bugzilla and Perl Services. Everything Else, too.
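To make the "generic vs. specific error messages" distinction concrete, here is an added example (not Bugzilla's code, and not Max's or Gerv's): a group lookup whose error text, under a secure-by-default `secret_group_names` setting, is identical whether the group does not exist or merely is not visible to the caller, plus a check a maintainer could keep as a regression test. The group table and user names are constructed sample data.

```python
# Constructed sample data standing in for the groups table (hypothetical).
GROUPS = {
    "editbugs": frozenset({"alice", "bob"}),
    "security-sensitive": frozenset({"alice"}),  # a group bob must not learn about
}

class GroupError(Exception):
    pass

def resolve_group(name, user, secret_group_names=True):
    """Return the member set of `name` if `user` may see it, else raise GroupError.

    With secret_group_names=True (the secure default the thread argues for),
    "no such group" and "group not visible to you" produce the same message,
    so the error text cannot confirm that a hidden group name is real.
    With it off, the messages are specific, as for public group names.
    """
    members = GROUPS.get(name)
    if members is not None and user in members:
        return members
    if secret_group_names:
        # One generic message for both failure modes: nothing to compare.
        raise GroupError("The group name you entered is not valid.")
    if members is None:
        raise GroupError(f"There is no group named '{name}'.")
    raise GroupError(f"You are not a member of the group '{name}'.")

def lookup_message(name, user, secret_group_names=True):
    """Error text the user would be shown, or None when the lookup succeeds."""
    try:
        resolve_group(name, user, secret_group_names)
    except GroupError as err:
        return str(err)
    return None

def messages_distinguish(user, hidden_name, bogus_name, secret_group_names=True):
    """Regression check: True if `user` can tell a real hidden group from a
    made-up name purely by comparing the two error messages."""
    return (lookup_message(hidden_name, user, secret_group_names)
            != lookup_message(bogus_name, user, secret_group_names))
```

The check is what a test suite would assert stays False whenever the secure default is on, regardless of which code path produced the error.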