I’ve been evaluating Kanboard for use within our organization, love the simplicity, and was getting it set up and configured in preparation for launch when I discovered the “Public Access” feature. Any user, regardless of permissions, can enable an RSS feed; then anyone with that link can see the feed. What that means is, if someone either inadvertently enables the feed and shares it out of convenience, or someone decides to maliciously share it, the organization’s projects can be easily seen in the wild. It would be nice if this feature could be disabled by the admin for security reasons.
A regular user can only enable his personal feed. To avoid this, I’d remove the Public access section from the user’s My profile sidebar.