Fossil SCM
Email in bug tickets are publicly visible (at least indirectly).
a24ec6005f2fe6a…
· opened 17 years, 8 months ago
- Type: Code_Defect
- Priority: Immediate
- Severity: Minor
- Resolution: Fixed
- Subsystem: one
- Created: July 23, 2008 6:52 p.m.
If I file a new bug, after the field EMail: there is a hint that the email address would not be publicly visible. But it seems to me that the email address becomes visible if I clone the whole repository and examine the tickets and checkins afterwards via e.g. the timeline.
I have no proposal for how this could be prevented. Cloning tickets is IMO a good idea, but of course all data will also be cloned with them! So perhaps the solution would be to remove the "Not publicly visible" hint?
drh added on 2008-07-23 19:44:34:
I started writing code to encrypt the email address field. But upon further
thought I realized that a determined malefactor could clone the repository
and then mount a dictionary attack to recover the encryption password. So
while encryption does make email address harvesting more difficult, it does
not make it impossible. I wonder if it is even worth the trouble....
Perhaps the right solution is (as the OP suggests) to change the bug form to say that the contact information is not displayed on any webpage but can be recovered by miscreants who go to the trouble of cloning the repository.
drh added on 2008-07-24 00:27:46:
Here is another idea: Instead of storing the email address directly, we can
store an SHA1 hash of the email address. Meanwhile maintain a mapping from
hash back to email address in an auxiliary database table. This auxiliary
table can be used to translate the hash back into an email address for display
to authorized users. But because the auxiliary table is not shared as part
of a clone or sync, remote repositories are unable to recover the original
email address.
There would need to be some way to share the auxiliary table with authorized users. No such mechanism currently exists and needs to be added. But on the other hand, such a mechanism might also be used to share ticket report formats, which is something else that is currently not shared but which ought to be.
drh added on 2008-07-24 02:07:00:
Problem fixed in [f46fe42d6d]. Contact information is stored as its SHA1
hash. The new CONCEALED table in the repository database (private data that
is not synced) provides a mapping back to the original email address for
trusted users.