Mail: Privacy - Auto-Complete with emails from the instance

Created on 31 Oct 2016 · 11 Comments · Source: nextcloud/mail

I run a shared instance.
When people put an email in the "to" field, they get suggestions from the full instance.

I think it might be good to have a parameter that would deactivate this feature.
(This is currently a privacy issue for me)

As reported here:
https://forum.indie.host/t/question-about-the-webmail/172

1. to develop bug security

All 11 comments

This should definitely not happen. The intention is that a user sees only addresses they have used themselves. Nothing should be shared there. https://github.com/nextcloud/mail/blob/0abf6d3110904cf2a0eac337fdb406e329372248/lib/db/collectedaddressmapper.php#L44-L51 _should_ scope the search to only find addresses that belong to the current user.

On second thought, do you know where the auto-completed recipient came from? Was it a collected address from the DB, or maybe taken from the contacts integration?
I've tried with collected addresses and could not reproduce the described problem.

Ping? :-)

Thanks for keeping an eye on this (sorry, I was out of time...).
It is from the full database of users.

But I could actually reproduce the "bug" (or misconfiguration) from the "files" app. When I hit share, it proposes the full database to me too.

There is definitely something funny with my configuration, and not necessarily the mail app.

> But I could actually reproduce the "bug" (or misconfiguration) from the "files" app. When I hit share, it proposes the full database to me too.

Could you please file an issue at https://github.com/nextcloud/server/issues/new?

> There is definitely something funny with my configuration, and not necessarily the mail app.

Could you maybe try to reproduce this bug on a fresh installation? I was unable to reproduce this here.

I have the same problem, but only in the email app.
It seems that the mail client searches in the "accounts" table as well as in the 'mail_collected_addresses' table.

That's bad because there are users on my system who must not see each other.

I checked it in NC 11.03, mail version 0.6.4 and did a quick check on a newly installed NC 12 same mail version, the result was the same.
Is there a way to search only the table mail_collected_addresses and not include the system accounts?
Thanks in advance

@HeikoBei sounds like what I've fixed in https://github.com/nextcloud/server/pull/4757 (the contacts menu uses the same data source as the auto completion here).

I see, the changes were made in NC 12.

I'm still using NC 11.0.3 therefore I made the modifications to apps/dav/appinfo/app.php the way you did in https://github.com/nextcloud/server/pull/4757.

Now I don't have autocompletion at all in the mail module, but that's ok for now.
As soon as I find the time to do the update to NC 12, the problem will be fixed anyway.

Thanks Christoph

I'm closing this issue now since it has been resolved. Note that NC12 is required though.

@ChristophWurst the autocompletion is unchecked and I see the issue again.

running NC 12.0.4 and mail 0.7.9

Wondering what happened lately? (I confirm that it was fixed with removing autocompletion)

@pierreozoux please file a new ticket for this regression. Thanks!
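
The two data sources discussed in this thread, as an added example that is not part of the original issue and not Nextcloud's code: a per-user collected-address lookup merged with an instance-wide account lookup, plus a check that flags suggestions the current user should not see. The table and column names, the sample rows and the `include_system_accounts` switch are constructed assumptions.

```python
import sqlite3

# Constructed schema and rows; names are assumptions, not Nextcloud's real schema.
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE collected_addresses (user_id TEXT, email TEXT);
        CREATE TABLE accounts (uid TEXT, email TEXT);
        INSERT INTO collected_addresses VALUES
            ('alice', 'bob.supplier@example.org'),
            ('carol', 'bob.lawyer@example.net');
        INSERT INTO accounts VALUES
            ('alice', 'alice@example.com'),
            ('carol', 'carol@example.com'),
            ('bobby', 'bobby@example.com');
    """)
    return db

def like_pattern(term):
    # Escape LIKE wildcards so a search term of "%" cannot match every row.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return "%" + esc + "%"

def suggest(db, user_id, term, include_system_accounts=False):
    """Return recipient suggestions for user_id matching term."""
    pat = like_pattern(term)
    rows = db.execute(
        "SELECT email FROM collected_addresses "
        "WHERE user_id = ? AND email LIKE ? ESCAPE '\\'",
        (user_id, pat)).fetchall()
    if include_system_accounts:
        # Instance-wide source: every account on the server becomes a candidate.
        rows += db.execute(
            "SELECT email FROM accounts WHERE email LIKE ? ESCAPE '\\'",
            (pat,)).fetchall()
    return sorted({r[0] for r in rows})

def leaked(db, user_id, term, **kw):
    """Suggestions the user never collected and that are not their own address."""
    own = {r[0] for r in db.execute(
        "SELECT email FROM collected_addresses WHERE user_id = ? "
        "UNION SELECT email FROM accounts WHERE uid = ?", (user_id, user_id))}
    return [e for e in suggest(db, user_id, term, **kw) if e not in own]
```

Running `leaked()` for each user as a regression test catches the case reported here, where the per-user table is scoped correctly but a second, unscoped source is merged into the same suggestion list.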
