98819 - Should have a parameter requiring privileged users to enter a password before tweaking params

Status: RESOLVED WONTFIX

(Bugzilla :: Administration, task, P4)

Description

[Christopher Aillon (sabbatical, not receiving bugmail)]

See bug 98818.  It could be a concern that someone steals a cookie or in a
multiuser environment where someone steps out for a second without logging off.
 There should be a global parameter to require entering a password for these
global tasks which can lead to DB data loss if an account is captured
momentarily.  It should be on by default also IMO.

Comment 1

[Dave Miller [:justdave]]

Enhancements which don't currently have patches on them which are targetted at
2.18 are being retargetted to 2.20 because we're about to freeze for 2.18. 
Consideration will be taken for moving items back to 2.18 on a case-by-case
basis (but is unlikely for enhancements)

Comment 2

[Dave Miller [:justdave]]

Bugzilla 2.20 feature set is now frozen as of 15 Sept 2004.  Anything flagged
enhancement that hasn't already landed is being pushed out.  If this bug is
otherwise ready to land, we'll handle it on a case-by-case basis, please set the
blocking2.20 flag to '?' if you think it qualifies.

Comment 3

[Dave Miller [:justdave]]

Reassigning bugs that I'm not actively working on to the default component owner
in order to try to make some sanity out of my personal buglist.  This doesn't
mean the bug isn't being dealt with, just that I'm not the one doing it.  If you
are dealing with this bug, please assign it to yourself.

Comment 4

[Gervase Markham [:gerv]]

I've not heard of an instance of this happening, and having to enter your password every time you alter the params would be a right pain. WONTFIX.

Gerv