#67: Project summary shows admin username
Issue revisions
- new by Manuel Pichler at 2009-M-02 7:12
- assigned by Manuel Pichler at 2009-M-02 20:21
- closed by Manuel Pichler at 2009-M-03 21:06
- assigned by Manuel Pichler at 2009-M-05 21:24
- closed by Manuel Pichler at 2009-M-05 21:31
| Type |  enhancement |
|---|---|
| State |  closed |
| Priority |  urgent |
| Resolution |  fixed |
| Assigned to | Manuel Pichler |
| Scheduled for | |
| Affected versions | 0.1-alpha, Latest SVN |
| Affected components | Core |
| Last change | Thursday 5 March 2009 21:31:08 UTC by Manuel Pichler |
Short description
The project summary shows the username of the admin user. This should be changed, so that a possible attacker must guess both components username and password.
Steps to reproduce
Click on the "The project" link
Expected behavior
The section Administrators shows admin's screen name.
Actual behavior
The section Administrators shows more or less the admin's login.
Manuel Pichler at Tuesday 3 March 2009 21:06:57 UTC
I have closed this issue, because the user screen name is an optional, a fact that I wasn't aware of, and so there is no other field to identify a project admin.
Manuel Pichler at Thursday 5 March 2009 21:24:02 UTC
Reopened after a short clarification talk with kore.
Manuel Pichler at Thursday 5 March 2009 21:31:08 UTC
This bug was fixed in svn revision #1028.