I just had the following concern: suppose I create an alias for an existing confidential ticket, and the alias contains confidential information (say, an identifying name). I then add blocks, depends, or see also to a non-confidential bug. Is it possible that the alias will leak to the non-confidential bug? It appears the answer is no: I did a (non-controlled!) test and, when not logged in, I don't see the confidential alias from a linked non-confidential ticket. I'd like to verify that this is the case. I'm marking this Mozilla confidential so that, if this is possible, an interested party cannot check my Bugzilla activity and determine a confidential alias. I'll unmark it if possible.
in order to determine a bug's alias, the user must be able to view the bug, so there's no information leak here. from the bug/link template: > [% IF user.can_see_bug(bug) %] > [% link_title = link_title _ ' - ' _ bug.short_desc %] > [% IF use_alias && bug.alias %] > [% link_text = bug.alias %] > [% END %] > [% END %]
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.