Login | Register For Free | Help	Search this list this category for: (Advanced)

Mailing List Archive: Request Tracker: Users permissions loophole?   Index | Next | Previous | View Flat

james at webma Mar 29, 2003, 3:54 PM Views: 3844 Permalink permissions loophole? Hi, I have recently installed the release version of RT3 onto a new server for testing as my company would like to switch over to using a ticketing system rather than standard email. I have noticed one odd thing with the way it processes mail (although it may be my setup but I can't see where), if there is a user on the system, e.g. autocreated by opening a ticket, they can reply to any other ticket by simply changing the number in the subject of the message and this reply will be forwarded onto the ticket requestor. This does not seem correct to me as it would allow a spammer to randomly guess ticket numbers and then send mail to our customers using rt as the relay. The only permissions I have set are to allow is for "Everyone" to be able to create tickets, no specific permissions are set for replying to tickets but RT still lets the mail through. Have I made a mistake in the setup or is this a loophole in the program? Cheers James

Subject User Time permissions loophole? james at webma Mar 29, 2003, 3:54 PM     Re: permissions loophole? david.vrtin at arnes Mar 30, 2003, 11:46 PM         RE: permissions loophole? gboug at unico Mar 31, 2003, 12:05 AM     RE: permissions loophole? martin.schapendonk at whitehorses Mar 30, 2003, 11:58 PM     RE: permissions loophole? gboug at unico Mar 31, 2003, 12:07 AM     Re: permissions loophole? james at webma Mar 31, 2003, 9:31 AM

Index | Next | Previous | View Flat   Request Tracker     Announce     Devel     Users     Commit

Interested in having your list archived? Contact lists@gossamer-threads.com
 

Web Applications & Managed Hosting Powered by Gossamer Threads Inc.