Opened 11 years ago

Closed 6 years ago

#473 closed new feature (wontfix)

Procedure for security holes

Reported by: midsch Owned by:
Priority: major Milestone: unassigned
Component: FrameWork Keywords:
Cc:

Description

Imagine I've found a bug that allows me to hack into another account or something similar (don't worry, not yet ;) in production. It should be announced to the admins/techteam immediately, but opening a public bug with critical information is not a good idea. Of course a blocker ticket has to be published, but where do we store the information? Public means everyone could use the hack. To make the example more difficult, imagine also that I just noticed the bug and make the report before I leave for a place without online access for the next few months. Sending a mail to an admin is an option, but not everyone knows them.

What to do? Can comments from trac-tickets be set to something like "hidden"?

(Ha, the paranoid asks for hiding information!)

Change History (3)

comment:1 Changed 6 years ago by TimLoal

  • Component changed from BW General to FrameWork

comment:2 Changed 6 years ago by jsfan

  • Milestone Future deleted

comment:3 Changed 6 years ago by midsch

  • Milestone set to unassigned
  • Resolution set to wontfix
  • Status changed from new to closed

Probably obsolete; contact to the server admins is known and should do it for BW/Rox.
