Prevent username dropdown when sharing?

Question about setting up sharing…

For all non-admin users, I’d like to give them the ability to share via link. However, I don’t necessarily want them to randomly enter usernames until a valid username pops up in the dropdown; I would like to force an email link and prohibit entering a username (basically, in the share dialog, go straight to entering a password and skip the option to enter a username). Is something like that possible?

It seems like as soon as I permit my users to share, I also create the possibility of brute-forcing usernames. Even if I disable autocompletion, a correctly entered username generates a dropdown, verifying its existence.

Did that make sense, and can I do anything about it short of not permitting sharing?


This is not possible. You could allow users only to share within their group, so you can separate certain groups from one another. If you need such an option, you can only create a feature request or search the code manually and comment out the auto-completion function.

Thanks, I was afraid that might be the case. Can anybody provide guidance on where to locate the “dropdown when a valid username is entered” feature in the code? Or perhaps disable the sharing “username” box for anyone not an admin?

Thanks, but unfortunately disabling autocomplete doesn’t solve brute-forcing. Problem is this:

Say I have users named User1 and User2. I turn off autocomplete. This prevents User1 from entering “Us” into the username box and getting a hit for User2. But if User1 enters “User2” into the username box, User2 suddenly pops up in a dropdown.
So a user can enter various usernames and in time build a list of other users in the system.
And I see that when emailing a share link, the email address field autopopulates. So with minimal permissions:

If I log in as User1 and I want to know if there is a User2, I type “user2” and get:

If User1 wants to email a link to a nonuser and types in part of an email address, a single letter autocompletes with email addresses of users, again with the above permissions set:

So User1 can get all email addresses and users on the system just by typing a thru z into the email address field. At a minimum, it seems turning off the autocomplete feature should turn off autocomplete both for usernames and for email addresses.

I think in my case I’ll just need to prevent users from sharing to prevent this kind of information leakage. Which is unfortunate because after trying out the email link, I can see some great uses for it.

Thanks again though, maybe this will be considered in a future version.