Tickets :: [#7384] Users of shared hosting can see calendars of other users

Summary	Users of shared hosting can see calendars of other users
Queue	Kronolith
Queue Version	2.3-RC1
Type	Enhancement
State	Duplicate
Priority	1. Low
Owners
Requester	alec99 (at) mail (dot) ru
Created	09/24/2008 (6127 days ago)
Due
Updated	10/06/2008 (6115 days ago)
Assigned
Resolved	09/24/2008 (6127 days ago)
Milestone
Patch	No

10/06/2008 04:30:03 AM	robot (dot) terror (at) gmail (dot) com	Comment #3	Reply to this comment
Please note, the issue is not limited to Kronolith only but to any and all Horde components using the "lib/Horde/Perms/UI.php" library and the "templates/shares/edit.inc" form to allow sharing with "default", A.K.A., "All Authenticated Users". Currently, Kronolith, MNemo and Turba share data between users of diferent domains on the same server. That is, there is no evident way to isolate users of virtual domains.

09/24/2008 05:29:06 PM	Jan Schneider	Comment #2 State ⇒ Duplicate Priority ⇒ 1. Low	Reply to this comment
Ticket #5336.

09/24/2008 07:46:46 AM	alec99 (at) mail (dot) ru	Comment #1 Priority ⇒ 3. High Patch ⇒ No Milestone ⇒ Queue ⇒ Kronolith Summary ⇒ Users of shared hosting can see calendars of other users Type ⇒ Enhancement State ⇒ New	Reply to this comment
When a user of shared hosting account shares his or her calendar to "all authenticated users", the user unwittingly is allowing all users of all domains on the same shared hosting system to view their calendar. This has become a problem for shared hosting providers, who provide access to Kronolith with Linux hosting packages. Is it possible to add the restriction feature "all authenticated users under this domain"?