[kronolith] Privacy in Kronolith 3.0 vs. Horde admin rights
Christoph Haas
chhaas-ml at uk-bw.de
Wed Apr 13 13:49:07 UTC 2011
Hello Jan,
Jan Schneider <jan at horde.org> wrote on 2011-04-13 14:32:
>
> Zitat von Christoph Haas <chhaas-ml at uk-bw.de>:
[...]
>> -> Is there a way to prohibit admins seeing _private_ appointments of
>> useres
>> which share their Kronolith calendar with them?
[...]
> This is not easy, because all APIs of Kronolith (or any Horde app fwiw)
> assume a current user. This could be a guest user, an authenticated
> user, or an admin. Depending on this user state certain information is
> returned, hidden, etc. We need to return the full event details for
> admins, because this is how we pull events when sending event reminders
> or daily agendas.
>
> Jan.
thank you for you fast reply!
But your answer is not really satisfying in matters of data privacy
protection :-( there are a lot of thinkable (and existing) scenarios,
where this leads to real harm.
E.g. not all appointments of a team-leader should be visible to
team-members, etc.
Could the event reminders and agendas not be pulled by a pure system
account? Other systems do so, to keep privacy.
Do I have to file for this issue a bug or enhancement ticket in the
horde bugtracker?
And when yes, where should it be assigned: "Horde Framework Packages"
(since I guess that such privacy things regard more than the Kronolith
app)? Or somewhere else?
TIA
Christoph.
--
Mit freundlichen Gruessen / Yours sincerely
Christoph Haas
Linux User #99546
GnuPG-/PGP-fingerprint: 944B D713 F72F 4398 B156 8089 DA8B 68F1 1543 51C3
GnuPG-/PGP-public-key:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x154351C3
More information about the kronolith
mailing list