We just discovered three things while testing our new Discourse site with the certificate created by discobot after finishing the tutorial:
1. The HTML ‘title’ tag is “test_cert”.
2. The certificate can be accessed without being logged in to Discourse.
3. The certificate is created dynamically by getting the user_id within the URL. Using this, anyone can go through all user_id values from 1 to * and get info about all created users.
Especially the third point bothers us, as we try to not publish any user info of users unless they post actively. This together with point 2 is a big information leak…
I’ll fix this next week once I’m back from my short break.
@bkampmeyer Is your site a login-only forum? The only info exposed by the SVG is the username and that could potentially allow them to access more public information via the /u/<username> route. However, I don’t see it as an information leak since the information is meant to be public.
Thanks for your quick replies! Really appreciate that!
Nope, it’s not as we want it readable to everyone. However, we want to protect as much information as possible from our accounts which don’t post.
The latter is used by us to let people get mails when we publish News (by ‘watching’ the category).
As it’s a special use case I’m not sure how many people will be troubled by this behaviour…
The ‘/u’ doesn’t work if you disable the setting ‘enable user directory’.
No urgent drama from my side but if you try everything to hide users who don’t post on public categories this certificate behavior isn’t very pleasant…
You are headed down a long rabbit hole here. What about the autocomplete JSON API? Type @a in a post and you can see the call. Fishing out all usernames is trivial that way. Seal that, and then what about search? It searches for usernames; even anon gets to do that.
At some point you are destroying usability because of an incorrect assumption.
Starting to see that as well, thanks for the other hints regarding the userlists nonetheless!
I’m aware that Discourse wasn’t designed with such use cases in mind and that it’s quite complex software, so ensuring no user information is publicly available is either naive or unrealistic.
Apart from little customization issues we’re really thrilled by Discourse and its abilities, thanks for coding/testing/thinking/setting up/sharing!
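
An added example, not part of the thread and not Discourse code: until the certificate requires login, an admin can check web-server access logs for clients walking consecutive user_id values, as described in the first post. The route `/CERT_PATH_PLACEHOLDER`, the `user_id` query-parameter shape, the combined-log format and the thresholds are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict

# Placeholder: the thread does not give the real certificate route.
CERT_PATH = "/CERT_PATH_PLACEHOLDER"

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /CERT_PATH_PLACEHOLDER?user_id=1 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /CERT_PATH_PLACEHOLDER?user_id=2 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /CERT_PATH_PLACEHOLDER?user_id=3 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /CERT_PATH_PLACEHOLDER?user_id=4 HTTP/1.1" 404 310
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /CERT_PATH_PLACEHOLDER?user_id=5 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /CERT_PATH_PLACEHOLDER?user_id=6 HTTP/1.1" 200 5120
198.51.100.20 - - [01/Jan/2024:10:05:00 +0000] "GET /CERT_PATH_PLACEHOLDER?user_id=42 HTTP/1.1" 200 5120
198.51.100.20 - - [01/Jan/2024:10:06:00 +0000] "GET /CERT_PATH_PLACEHOLDER?user_id=42 HTTP/1.1" 200 5120
192.0.2.9 - - [01/Jan/2024:11:00:00 +0000] "GET /CERT_PATH_PLACEHOLDER?x=1&user_id=17 HTTP/1.1" 200 5120
192.0.2.9 - - [01/Jan/2024:11:00:09 +0000] "GET /latest?user_id=18 HTTP/1.1" 200 900
"""

LINE_RE = re.compile(
    r'^(\S+) .*?"GET ([^?\s]+)\?(?:\S*?&)?user_id=(\d+)\S* HTTP/[\d.]+" (\d{3})')

def longest_run(ids):
    """Length of the longest run of consecutive integers among ids."""
    best = cur = 0
    prev = None
    for i in sorted(ids):
        cur = cur + 1 if prev is not None and i == prev + 1 else 1
        best = max(best, cur)
        prev = i
    return best

def find_enumerators(log_text, cert_path, min_distinct=5, min_run=4):
    """Return clients that requested many consecutive user_id values."""
    asked, served = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != cert_path:
            continue  # not a certificate request
        ip, uid = m.group(1), int(m.group(3))
        asked[ip].add(uid)          # every id the client probed
        if m.group(4) == "200":
            served[ip].add(uid)     # ids that actually returned a certificate
    return {ip: {"distinct": len(ids), "run": longest_run(ids),
                 "served": len(served[ip])}
            for ip, ids in asked.items()
            if len(ids) >= min_distinct and longest_run(ids) >= min_run}
```

Call `find_enumerators(SAMPLE_LOG, CERT_PATH)` to see the one flagged client; a user reloading their own certificate, or a single request with extra query parameters, stays below the thresholds.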