<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On 11 Jul 2009, at 21:07, Hendrik Baecker wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>Christian Schneemann schrieb:<br><br><blockquote type="cite">My problem is, that I cannot access this tracker entry if I'm logged in, I get <br></blockquote><blockquote type="cite">an access denied, if I log me out I can access the entry.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Any suggestions? This is the entry that troubles me <br></blockquote><blockquote type="cite"><a href="http://tracker.nagios.org/view.php?id=15">http://tracker.nagios.org/view.php?id=15</a><br></blockquote><blockquote type="cite"><br></blockquote>Hi Christian,<br><br>I took a deeper look into the mantis stuff... As the tracker starts up<br>everyone was allowed to submit new issues as an anonymous user mapped to<br>"guest". A few weeks ago authorization was hardend a bit. "guest" isn't<br>longer allowed to submit new issues but he's allowed to edit his own.<br><br>Regarding the #15, it was marked as "private" (guess cause the security<br>level) and those issues are only viewable as "developer" access level +<br>initiator of the issue - bad thing up to here.</div></blockquote><div><br></div>Personally, I think security items should be listed, but details not displayed. This shows that someone can see there is a vulnerability, but not necessarily access information about how to exploit it.</div><div><br></div><div>However, I'll bend to the consensus. I suggest we update the dev guidelines to reflect the decision.</div><div><br></div><div><blockquote type="cite"><div>I've just changed the issue owner to the administrator user to prevent<br>the viewing by the anonymous user.<br><br>Your comment related to the IDN Domains is attached to the post, if you<br>have more ideas on it, please send a message off-list to Ethan, Andreas<br>Ericsson and Ton Voon.</div></blockquote><div><br></div></div>Is there a definitive list of all characters used in IDN Domains?<div><br></div><div>Ton</div><div><div><br></div></div></body></html>