id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc,release 10218,Bookmarks for anonymous users are shared,Jun Omae,yosiyuki,"Only `username` column in the `bookmarks` table identifies a user. Therefore, a anonymous user can remove bookmarks for other anonymous users. My proposals: 1. Refuse the access to bookmarks by anonymous user 2. Add `sid` and `authenticated` columns (are similar to `session` table) {{{ sqlite> select * from bookmarks; resource name username ---------- ---------- ---------- / anonymous /timeline anonymous /roadmap anonymous /milestone anonymous /wiki/Came anonymous /wiki/Came anonymous /timeline? anonymous /ticket/6 anonymous /bookmark anonymous /ticket/1 foobar /ticket/2 foobar /wiki foobar }}}",defect,closed,high,BookmarkPlugin,normal,fixed,,Jun Omae Ryan J Ollos,0.12