Do not expose confidential account requests to public issue tracker (gitlab)
Lars Michalowski reported an issue
Hi!
When trying to log in at typo3.org without success, I finally found this note (light blue box) on the login page (https://my.typo3.org/login/?no_cache=1):
"Important: If you have not logged in at typo3.org since Dez 2016, your user account is inactive.
Please use the feedback form below, if you want to recover your account and submit your username and your email used with this account. Otherwise we can't verify it."
Since this was true for me I used the yellow button "provide feedback" at the bottom of the page (this was the only feedback form I found on that page). I entered my details (you can see it as issue #290 on https://git-t3o.typo3.org/t3o/my/issues).
I was absolutely not aware of the fact that my confidential request about reactivating my account would become publicly available as an issue on the official issue tracker of my.typo3.org!
So please consider the following:
- Provide a confidential way of submitting account related requests and do not use the general feedback form for that.
- Provide information on the general feedback form about the automated publication of the entered data on https://git-t3o.typo3.org/t3o/my/issues so users will be aware of that before submitting the form.
Thanks, Lars Michalowski
Reported URL: https://my.typo3.org/login/?no_cache=1
User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
AC
- Newly created tickets via Feedback Form need to be confidential