Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • concrexit concrexit
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 70
    • Issues 70
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 10
    • Merge requests 10
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • thaliathalia
  • concrexitconcrexit
  • Issues
  • #458
Closed
Open
Issue created Jun 25, 2017 by Joren Vrancken@jvranckenContributor

API information leakage

One-sentence description

Some private information is leaked from the database through the API.

Why?

When the ThaliApp requests events information from the website, private information is revealed. For example, the registration dates of every participant of an event and their member ids.

Current implementation

When querying the API, data is returned that is private and seemingly unnecessary.

Desired implementation

The API should only return necessary data.

Edited Jun 25, 2017 by Joren Vrancken
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking