Opened 6 years ago
Closed 17 months ago
#64 closed enhancement (fixed)
email address in xml export
| Reported by: | jbenito | Owned by: | aavilesd |
|---|---|---|---|
| Priority: | critical | Milestone: | v1.2 |
| Component: | Security | Version: | 0.98-dev |
| Keywords: | Cc: |
Description
[THOMAS BARON]
I’ve received a complaint that although we protect individuals email addresses from being displayed in the normal event displays, these addresses are still available in the XML export of the event.
We may want to change this behaviour a bit by only inserting the email addresses in the XML export if the requesting user is authentified.
Change History (10)
comment:1 Changed 5 years ago by jbenito
- Component changed from General to Security
- Milestone changed from v0.98 to v1.0
- Priority changed from normal to high
comment:2 Changed 3 years ago by jbenito
- Milestone changed from v1.0 to v1.2
- Priority changed from high to critical
comment:3 Changed 2 years ago by pferreir
There's also the option of exporting a hash of the address by default. This could be used to generate gravatars, etc...
comment:4 Changed 2 years ago by ferhatelmas
- Owner set to ferhatelmas
- Status changed from new to assigned
comment:5 Changed 18 months ago by pferreir
- Owner ferhatelmas deleted
- Status changed from assigned to new
comment:6 Changed 18 months ago by pferreir
- Owner set to aavilesd
- Status changed from new to assigned
comment:7 Changed 18 months ago by aavilesd
- Status changed from assigned to in_work
comment:8 Changed 18 months ago by aavilesd
- Status changed from in_work to awaiting_merge
Branch: 64-email-xml-export
comment:9 Changed 17 months ago by pferreir
- Status changed from awaiting_merge to merging
comment:10 Changed 17 months ago by pferreir
- Resolution set to fixed
- Status changed from merging to closed
Note: See
TracTickets for help on using
tickets.
Maybe we can export the email addresses depending on the rights of the account (HTTP API) and block it for public access?