disallow name probing

open
,
low
,  
 
  • View
  • Changes
  • Options
  • Related
  • Edit
    •
    disallow name probing+issue    

    This is a bit of a sanity/cleanup issue.  The case I noticed was when a user (or non-user Anonymous) doesn't have read permission, they can still find out if a card exists or not by probing.  If they don't have read for a card, the user should never get 'missing', onl y a 'deny' view.  If it is a message, they just learn that they can't read the card, whether or not it exists, or as content it is probably blank, and not the 'add link'.
    disallow name probing+issue, disallow name probing, issue Ethan McCutchen  

     

     

     

    Related support tickets: 
    Relevant user stories: 
     add one
  • View
  • Changes
  • Options
  • Related
  • Edit
    •
    disallow name probing+discussion    

    what if they have create permissions but not read permissions?  This is actually a common configuration -- you can register for an event, say, but can't see the registration after you've submitted it.
    disallow name probing+discussion, disallow name probing, discussion Ethan McCutchen  

     

    Notes

    add a note

    try it

     

    wagneers

    intro

    videos

    features

    syntax

    weekly calls

    ideas

     

    twitter

    mailing list

     

    developers

    roadmap

    next release

    tickets

    pack API

    REST API

    one-pager

     

    github

    mailing list

     

    wagn.org

    recent

    todo