Open brainstorm opened 10 years ago
Giving a specific (authenticated) user READ rights exposes data to anonymous users.
Even if (URL) tickets are supposed to ease data sharing, third parties (including anonymous users) shouldn't be able to guess them and then access its contents.
Thanks @ganqqwerty for reporting this.
Giving a specific (authenticated) user READ rights exposes data to anonymous users.
Even if (URL) tickets are supposed to ease data sharing, third parties (including anonymous users) shouldn't be able to guess them and then access its contents.
Thanks @ganqqwerty for reporting this.