[pmwiki-users] Q:ZAP setting attr
Hans
design5 at softflow.co.uk
Tue Apr 3 07:58:35 CDT 2007
Tuesday, April 3, 2007, 11:37:38 AM, The wrote:
> Basically you do
> (:zap attr="Group.Name|passwdedit|id:Jiri":)
> If page doesn't exist, it creates it. As with many ZAP functions, this
> is quite powerful, because you can reset anything, including text or
> ctime, or whatever.
Powerful perhaps, but the security implication do scare me:
you can reset any password on any page, totally disregarding the
page's security setting. Not only that, but you can change any, reset,
erase any of any page's attributes, including the page content and the
page history itself.
I start to think when you use the word "powerful" it may mean "high
security risk".
~Hans
More information about the pmwiki-users
mailing list