1. Bitbucket
  2. Public Issue Tracker
  3. master
  4. Issues


Issue #2395 wontfix

Add new user to repository shows (?) all bitbucket users

Pedro Cora
created an issue

Hello there,

When you are adding a new user to a private repository, the screen goes auto-completing the username and shows usernames that appear to be system-wide and not only users for that "account". At least for my case, my repos doesn't have users yet, so the field shouldn't have any users to select. Ain't this right?

My point is, for me, this is a security breach.

Comments (2)

  1. Dylan Etkin

    This is how user pickers work for most applications (JIRA and Confluence included).

    As a social site we want people to be able to discover other users and to interact with them. If you needed to know the exact username of everyone you wanted to add to your account and repositories then what would be the point of a userpicker in the first place?

    I am afraid we are going to leave the behavior as is.

    Thanks for reporting.

  2. Log in to comment