Subject: | @private entries display their tags to the public |
I'm using Rubric 0.13_01, with perl 5.8.7 on a NetBSD 3.0 system.
It seems that private entries are not entirely private -- they leak
information about their tags. So for example, if I have an entry
marked as private but tagged as, say, "Brazil", any anonymous
viewer will be able to see that there's /something/ tagged as Brazil
in the database. Following that tag returns no direct results, but it
does disclose any FURTHER tags associated with the private
entry in the "related tags" box.
Similarly, a public viewer can go to /rubric/entries/tags/@private
and reap a complete list of related private tags.