Ticket #13180 (confirmed Bug)

Opened 4 years ago

Last modified 4 years ago

"Use email as login" in combination with "Enable user folders" exposes users' e-mail addresses

Reported by: khink
Owned by:
Priority: minor
Milestone: 4.x
Component: General
Version: 4.3
Keywords: security, registration, members
Cc:

Description

Related to https://dev.plone.org/ticket/12351 but not the same thing:

If you have both use_email_as_login and enable_user_folders turned on, the URL of the user's home folder will be something like /Members/john.smith-40example.com.

If these home folders are published, anyone can see the mail addresses.
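
For a site administrator gauging how many existing home folders are affected, the following audit sketch is an added example, not part of the ticket or of Plone's code. It assumes, based only on the `-40` in the ticket's example, that the folder id is the URL-quoted login with `%` written as `-` and a literal `-` written as `--`; the function names and the sample ids are hypothetical.

```python
import re
from urllib.parse import unquote

# Assumption (inferred from the ticket's example, not from Plone's source):
# '%XX' escapes are stored as '-XX' and a literal '-' is stored as '--'.
_ESCAPE = re.compile(r"--|-([0-9A-Fa-f]{2})")
# Deliberately loose shape check: something@something.tld, no slashes or spaces.
_EMAIL = re.compile(r"^[^@\s/]+@[^@\s/]+\.[^@\s/]+$")


def decode_folder_id(folder_id):
    """Undo the assumed escaping and return the login the id was built from."""
    def _restore(match):
        # '--' has no capture group and stands for a literal hyphen.
        if match.group(1) is None:
            return "-"
        return "%" + match.group(1)
    return unquote(_ESCAPE.sub(_restore, folder_id))


def exposed_addresses(folder_ids):
    """Map each folder id whose decoded login looks like an e-mail address."""
    found = {}
    for folder_id in folder_ids:
        login = decode_folder_id(folder_id)
        if _EMAIL.match(login):
            found[folder_id] = login
    return found


# Constructed sample: ids as they might be listed from the site's own
# /Members folder. Only the first one appears in the ticket.
SAMPLE_IDS = [
    "john.smith-40example.com",
    "jane--doe-40example.org",
    "editor1",
    "site--admin",
]

if __name__ == "__main__":
    for folder_id, address in exposed_addresses(SAMPLE_IDS).items():
        print(f"/Members/{folder_id} reveals {address}")
```
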

Change History

comment:1 Changed 4 years ago by kleist

  • Status changed from new to confirmed
  • Component changed from Unknown to General