Closed janicedatawire closed 8 years ago
datawire.json
itself is protected by UNIX. This is only an issue if two users are actually sharing an account – which is to say, it's only an issue in a case where the two users will be indistinguishable by basically everything.
We could protect against this case by encrypting the entry in datawire.json
and requiring each user to unlock their record before doing anything, but it's so many sigmas from our design goals I'm disinclined to bother.
As user jmk4 in org H3PSFJ7NZ2 I can see user and service info about users in other organizations (in this case user jmk1 in BJSJ7HV3JD) if I look at the datawire.json state file: