id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc,release
8438,Hiding /users from authenticated users,abrightwell,rjollos,Currently /users is exposed to the world.  Therefore_ exposing usernames to anyone whether authenticated or not.  This seems like it would be quite the "security" issue for privately hosted/managed trac instances.\r\n\r\nPerhaps checking the request for an 'authenticated' setting/flag and appropriately redirecting to the default "forbidden" page if necessary would be the proper approach?,enhancement,new,normal,AutocompleteUsersPlugin,major,,,mitar,0.11