Opened 10 months ago

Last modified 10 months ago

#13813 assigned Feature/Enhancement Request

Why are tickets publicly archived?

Reported by: Tim Stallmann Owned by: JaimeV
Priority: Medium Component: Tech
Keywords: Cc:
Sensitive: no

Description

I would be really curious to hear the justification behind this? From a security point of view it seems like it opens up a lot of potential threats to have an attacker be able to search through previous tickets related to a website and thus ascertain details of the server set up, what previous bugs have been encountered, etc. But I know y'all put a lot of thought into how the infrastructure is set up so would be curious to hear more...

Relatedly, is it possible to create private tickets for a particular hosting order or account where security is more crucial?

Change History (1)

comment:1 Changed 10 months ago by JaimeV

Owner: set to JaimeV
Status: newassigned

We have a more formal explanation here: "Why is everything in this issue tracker and wiki public?", https://support.mayfirst.org/wiki/public_wiki

However when editing any ticket under the Modify Ticket tab the ticket creator or support team can mark a checkbox to mark that ticket as sensitive and only accessible to the ticket creator and the support team. We use this often for tickets with sensitive information. If there are any specific tickets that you think shouldn't be public please let us know.

Last edited 10 months ago by JaimeV (previous) (diff)

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.