id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
1649	WUI: the error message page for a writeable file/directory nonobviously includes the write cap	davidsarah	davidsarah	"In the case of a directory, for example, the target URL of the 'More info on this directory' link includes the write cap. This is not excess authority because the 'More info' page itself includes the write cap and so needs to know it, however, it's not visually obvious that by sending someone just the HTML file of the error page, you are giving them the write cap.

(OTOH, I was prompted to file this ticket by someone who did exactly that and '''did''' understand that they were giving away the write cap.)"	defect	assigned	major	undecided	code-frontend-web	1.9.0		usability security capleak websec