[Tickets #4050] Re: Free/Busy URL Security Issue
bugs at horde.org
bugs at horde.org
Tue Jun 10 17:11:50 UTC 2008
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/4050
-----------------------------------------------------------------------
Ticket | 4050
Updated By | michael.menge at zdv.uni-tuebingen.de
Summary | Free/Busy URL Security Issue
Queue | Kronolith
Version | 2.1.1
Type | Enhancement
State | Rejected
Priority | 1. Low
Milestone |
Patch |
Owners |
-----------------------------------------------------------------------
michael.menge at zdv.uni-tuebingen.de (2008-06-10 13:11) wrote:
As my request http://bugs.horde.org/ticket/6889 was marked as dublicated i
will repost my sugestion here to keep it on this request.
--------------------
Make free/busy informations shares
Making the free/busy information share has some advantages.
1. It will allow the user to controll who is able to acces the
information
2. The user can have more than one F/B url (with different calendars
checked and different permisions)
3. Only users with acces to the share could connect loginid and Name/email
addres.
Even that could be impeded by generating an URL that does not contain
the loginid
If implemeted that way validating LoginIds would be impossible and
geting
emailaddresses would be much harder and only possible for users wich
allow read acces to unauthenticated users
Followin is an example:
A professor could tell his students the URL
horde.some.edu/kronolith/fb.php/aefhca56c4 the see the Free/Busy
informations
which will only contain his consultation-hours as free time.
and his staff members get the URL
horde.some.edu/kronolith/fb.php/ab4h3a0815 which will contain the
Free/Busy information for his working time
he has also a third which share which also contains his private events and
is used when he is planing an events with attendees.
More information about the bugs
mailing list