As you can see, in the screenshot, wouldn't let me see the surface, but I could see the name of the DST.
I think that we should avoid ANY access by people who shouldn't have access.
[Note: This particular surface is non-public at this moment, but it will be published soon. If someone is trying to reproduce this problem, they may need to try on other surfaces that they are not supposed to have access to.]
It appears that there is a bug in C.E. that allows you to see the name of a DST even if you shouldn't have access to it.
See screenshot for an example. I am not signed in and I clicked on a link to a non-public surface: https://contact.engineering/ui/html/surface/?surface=3039
As you can see, in the screenshot, wouldn't let me see the surface, but I could see the name of the DST.
I think that we should avoid ANY access by people who shouldn't have access.
[Note: This particular surface is non-public at this moment, but it will be published soon. If someone is trying to reproduce this problem, they may need to try on other surfaces that they are not supposed to have access to.]
Can we look into this?
Thanks!
-Tevis