Comment visibility - security issue
Hi!
It seems that comment visibility is not handled very well by Gemini. In my setup, I have a user group for internal users and one for customers. I can mark comments to be viewable only by users of the internal users group, no problem. But there are two problems, one of which is annoying, the other one utterly unacceptable:
Users who shouldn't be allowed to see certain comments still see the complete NUMBER of comments (e.g. below the issue description they see "Comments (6)" but only two comments are visible for them).
Regardless of whether users should be allowed to view comments or not, if they click on "Print Friendly", they can see ALL comments on the resulting page, completely bypassing all permission settings! This, of course, is a major security issue, one I'm glad I found before actually implementing Gemini!
Please fix this bug ASAP, as other Gemini customers might have this problem as well without ever noticing.
Thanks,
Regards,
Martin Segur.
duncan · 1 | Monday, September 7, 2009, 9:46:16 PM
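The two symptoms reported above (an unfiltered comment count and an unfiltered print view) are what happens when each view applies the visibility rule on its own. The sketch below is an added example, not Gemini's code: it models the reported behaviour beside a corrected version and audits both. All names (`Comment`, `visible`, `audit`, the view functions) and the sample data are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Comment:
    text: str
    groups: frozenset = frozenset()  # empty set = visible to everyone

def visible(comments, user_groups):
    """Single authorization choke point; every view reads comments through it."""
    return [c for c in comments if not c.groups or c.groups & user_groups]

def render(comments):
    return {"header": f"Comments ({len(comments)})",
            "body": [c.text for c in comments]}

# Behaviour described in the post: count and print view skip the filter.
def issue_view_reported(comments, user_groups):
    page = render(visible(comments, user_groups))
    page["header"] = f"Comments ({len(comments)})"  # count taken before filtering
    return page

def print_view_reported(comments, user_groups):
    return render(comments)  # no visibility filter at all

# Corrected: both views derive count and body from the same filtered list.
def issue_view_fixed(comments, user_groups):
    return render(visible(comments, user_groups))

def print_view_fixed(comments, user_groups):
    return render(visible(comments, user_groups))

def audit(view, comments, user_groups):
    """Return (leaked comment texts, count_matches) for one view and one user."""
    allowed = [c.text for c in visible(comments, user_groups)]
    page = view(comments, user_groups)
    leaked = [t for t in page["body"] if t not in allowed]
    return leaked, page["header"] == f"Comments ({len(allowed)})"

# Constructed sample: 6 comments, 4 restricted to the internal group.
INTERNAL = frozenset({"internal"})
CUSTOMER = frozenset({"customers"})
COMMENTS = [Comment("public 1"), Comment("public 2")] + \
           [Comment(f"internal {i}", INTERNAL) for i in range(1, 5)]

if __name__ == "__main__":
    for v in (issue_view_reported, print_view_reported,
              issue_view_fixed, print_view_fixed):
        print(v.__name__, audit(v, COMMENTS, CUSTOMER))
```

Running an audit like this for every output path (page, print, export, feed) and every user group works as a regression test for this class of bug.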