[logback-dev] QOS.CH Jira username is your email address

Ceki Gulcu ceki at qos.ch
Fri Jan 13 01:35:23 CET 2017


Dear Logback dev list             ,

On the QOS.CH Jira instance issues can be browsed by anonymous users,
that is without logging in. The Jira web-page for a given issue will
contain the user name of the reporter as well as the user names for
all those who commented on the issue.

Thus, web-crawlers will be able to see user names on our Jira
instance. This is acceptable as long as user names do not contain
sensitive data.

However, given that your user name matches your email address on the
QOS.CH Jira instance, we fear that your email address may leak to
anonymous web-crawlers (who can see your Jira user name).

Please note that many other publicly accessible Jira installations
suffer from the exact same problem.

Modifying your user name so as to make it different than your email
address should stop the aforementioned data leakage. Unfortunately,
you cannot change your user name on your own. Only the Jira
administrator can change it.

In light of the above, if you decide to change your Jira user name,
please let me know the user name of your choice by replying to this
message.

Best regards,

-- 
Ceki Gülcü


More information about the logback-dev mailing list