Hiding /users from authenticated users
|Reported by:||abrightwell||Owned by:||Ryan J Ollos|
Currently /users is exposed to the world. Therefore, exposing usernames to anyone whether authenticated or not. This seems like it would be quite the "security" issue for privately hosted/managed trac instances.
Perhaps checking the request for an 'authenticated' setting/flag and appropriately redirecting to the default "forbidden" page if necessary would be the proper approach?