[logback-dev] QOS.CH Jira username is your email address

Scott Babcock scoba at hotmail.com
Wed Jan 18 01:04:30 CET 2017


Thanks for looking out for me! Where is my user name set to my email address?


________________________________
From: logback-dev <logback-dev-bounces at qos.ch> on behalf of Ceki Gulcu <ceki at qos.ch>
Sent: Thursday, January 12, 2017 4:35 PM
To: logback-dev at qos.ch
Subject: [logback-dev] QOS.CH Jira username is your email address


Dear Logback dev list             ,

On the QOS.CH Jira instance issues can be browsed by anonymous users,
that is without logging in. The Jira web-page for a given issue will
contain the user name of the reporter as well as the user names for
all those who commented on the issue.

Thus, web-crawlers will be able to see user names on our Jira
instance. This is acceptable as long as user names do not contain
sensitive data.

However, given that your user name matches your email address on the
QOS.CH Jira instance, we fear that your email address may leak to
anonymous web-crawlers (who can see your Jira user name).

Please note that many other publicly accessible Jira installations
suffer from the exact same problem.

Modifying your user name so as to make it different than your email
address should stop the aforementioned data leakage. Unfortunately,
you cannot change your user name on your own. Only the Jira
administrator can change it.

In light of the above, if you decide to change your Jira user name,
please let me know the user name of your choice by replying to this
message.

Best regards,

--
Ceki Gülcü
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.qos.ch/pipermail/logback-dev/attachments/20170118/64599568/attachment.html>


More information about the logback-dev mailing list