[pmwiki-users] ZAP security vulnerability...
The Editor
editor at fast.st
Thu May 3 15:55:41 CDT 2007
On 5/3/07, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Thu, May 03, 2007 at 09:18:46PM +0100, Hans wrote:
> > Thursday, May 3, 2007, 9:11:44 PM, Patrick R. Michaud wrote:
> >
> > > Precisely the approach I'm ending up taking, FWIW.
> >
> > I would love to know more about your idea so pages could also
> > "inherit" posting permission from another page. I take it this would
> > be under author control, so an author would not need to insert a
> > posting permission marker on every page?
>
> At the moment I'm planning for it to be under admin control.
> Author control seems a little too risky, and possibly not
> necessary.
I'm about to release a new version of ZAP but would like your input on
the two questions I asked earlier...
1) I'd like to enable ZAP forms to post data to their own page by
default... How risky is that? They won't be able to post to any
other pages, or use any advanced commands... Just save PTV's.
2) What about having a few default groups like forums, comments, or
blogs that are postable by default with proper warnings to admins of
the associated risks?
Personally I'm leaning towards 1 and against 2.
Cheers,
Dan
More information about the pmwiki-users
mailing list