[Tickets #4050] Re: Free/Busy URL Security Issue

bugs at horde.org bugs at horde.org
Tue Jun 10 17:11:50 UTC 2008


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/4050
-----------------------------------------------------------------------
 Ticket             | 4050
 Updated By         | michael.menge at zdv.uni-tuebingen.de
 Summary            | Free/Busy URL Security Issue
 Queue              | Kronolith
 Version            | 2.1.1
 Type               | Enhancement
 State              | Rejected
 Priority           | 1. Low
 Milestone          |
 Patch              |
 Owners             |
-----------------------------------------------------------------------


michael.menge at zdv.uni-tuebingen.de (2008-06-10 13:11) wrote:

As my request http://bugs.horde.org/ticket/6889 was marked as dublicated i
will repost my sugestion here to keep it on this request.

--------------------
Make free/busy informations shares

Making the free/busy information share has some advantages.
1. It will allow the user to controll who is able to acces the
information
2. The user can have more than one F/B url (with different calendars
checked and different permisions)
3. Only users with acces to the share could connect loginid and Name/email
addres.
   Even that could be impeded by generating an URL that does not contain
the loginid
   If implemeted that way validating LoginIds would be impossible and
geting
   emailaddresses would be much harder and only possible for users wich
   allow read acces to unauthenticated users

Followin is an example:

A professor could tell his students the URL
horde.some.edu/kronolith/fb.php/aefhca56c4 the see the Free/Busy
informations
which will only contain his consultation-hours as free time.

and his staff members get the URL
horde.some.edu/kronolith/fb.php/ab4h3a0815 which will contain the
Free/Busy information for his working time

he has also a third which share which also contains his private events and
is used when he is planing an events with attendees.





More information about the bugs mailing list