[Pmwiki-users] security problem -> edit password

Nathan Jones nathanj
Sun Jan 25 22:42:58 CST 2004


Hi Patrick,

>...In other words, the read password protects
>the read operation, the edit password protects the edit operation, etc.

This is fine, but I would expect many users to have an innate expectation
that a read password would prevent any reading of the data. I have a page
on my personal wiki called Private, which is read protected. It had not
occurred to me that someone could add "?action=edit" and see the content.
Fortunately, the whole wiki is currently edit protected.

>There's precedent for this--for example, on Unix/Linux systems write
>permission means that someone can write to a file even though they
>cannot read it,

"Edit" does not equal "write". With Unix, you can write to a file (i.e.
overwrite and possibly append), but you can't edit a file (i.e. access
contents and make changes).

>...there could be situations where someone would want to allow page 
>edits even though page reading is restricted.

I can't think of any at the moment, either. Perhaps there might be
situations where you'd want people to be able to create new pages in a
read protected group (e.g. "submit your suggestion and we'll review it
before making it visible"), but I doubt you'd want people to be able to
edit/access existing pages in the group.

>And even if we say that a read password implies an edit and attr password,
>what should those be?  Should they default to be the read password in
>absence of a setting?  (Somehow that seems wrong to me.)

My thinking is that a read protected page should not be accessible until
the read password is provided. Therefore, actions that require access to
the page (such as edit) should not work without the read password. "You
can edit this page, as there is no edit password, but I can't let you
edit it yet, because the data is not accessible without the read
password".

I don't know much about how PmWiki's auth system works, so I don't know
what's involved in such a change. The simpler approach of using the read
password for any action that doesn't have a password set is fine too.

-- 
nathanj
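
The three behaviours discussed in this message, as an added example that is not part of the original post and is not PmWiki's code: a toy Python model comparing independent per-action passwords, read as a prerequisite for content-exposing actions, and read as the fallback for actions with no password of their own. The names Page, POLICIES, audit and the policy functions are hypothetical, and the passwords are constructed sample values.

```python
# Toy model of per-action page passwords (added example, not PmWiki code).
# Page, POLICIES, audit and the policy function names are hypothetical.
from dataclasses import dataclass, field

EXPOSES_CONTENT = ("read", "edit")  # actions that show the page text

@dataclass
class Page:
    text: str
    passwords: dict = field(default_factory=dict)  # action -> password

def _ok(page, action, supplied):
    """True if the action has no password set or the requester supplied it."""
    required = page.passwords.get(action)
    return required is None or required in supplied

def independent(page, action, supplied):
    # Each password guards only its own action.
    return _ok(page, action, supplied)

def read_prerequisite(page, action, supplied):
    # Content-exposing actions also require the read password.
    if action in EXPOSES_CONTENT and not _ok(page, "read", supplied):
        return False
    return _ok(page, action, supplied)

def read_fallback(page, action, supplied):
    # An action without its own password inherits the read password.
    required = page.passwords.get(action, page.passwords.get("read"))
    return required is None or required in supplied

POLICIES = {"independent": independent,
            "read_prerequisite": read_prerequisite,
            "read_fallback": read_fallback}

def audit(page, supplied=frozenset()):
    """Per policy, list the actions through which the requester can see the text."""
    return {name: [a for a in EXPOSES_CONTENT if check(page, a, supplied)]
            for name, check in POLICIES.items()}

if __name__ == "__main__":
    # Constructed sample: a page with only a read password, anonymous requester.
    private = Page("diary", {"read": "r-secret"})
    for policy, actions in audit(private).items():
        print(f"{policy:18} exposes content via: {actions or 'nothing'}")
```

The two stricter policies differ once a page has both passwords: a requester holding only the edit password is refused under read_prerequisite but still reaches the text under read_fallback.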