[Pmwiki-users] Re: remove uploaded files?

Fábio Reis Cecin frcecin
Mon Sep 6 10:31:04 CDT 2004


From: "Patrick R. Michaud" <pmichaud at pobox.com>
 >>(...)
 >>It's probably better if Patrick explains the reasoning behind this.
 >
 > ...only that I didn't feel like starting down the slippery-slope of
 > a full-fledged file management system.  After implementing
 > "delete file"
 > I can see that someone would want different permissions for that
 > operation, and then "file rename" and ... well, that gets a bit
 > beyond the simplicity I've been looking for.  But if someone else
 > wants to implement those features I don't have a real problem with
 > it.

Both "file delete" and "file rename" would be useful :-) BUT:

Then again, I was thinking about the last vandalization on my
wiki that I had to deal with: somebody spamming the "GroupHeader"
and "GroupFooter" of every wikigroup.

That is, the guy was exploiting a powerful PmWiki feature to crap
on hundreds of pages with just a single edit, and I had trained
people to fix pages the regular way (editing the offending page)
and they were stumped, thinking the wiki was "hacked", etc. So
now I lock each header/footer page with the admin password.

GroupHeader and GroupFooter are excellent, powerful and simple
features. But every feature is a new potential vulnerability
and a worry for the future, even the most simple ones. And
thinking about a misused DELETE feature gives me the creeps.

So, having the option of integrating a full-featured, 3rd party
file engine with PmWiki (such as Phpfm that Ben suggested) would
be better, because at least the feature is another project with
an independent coding force. Probably it would not look as
integrated in the wiki as the custom-crafted Attach: engine
(example: different authentication space/rules/attributes), but
that would be the trade-off offered for a lot more flexibility
in the actual handling of files.

(Just tossing around some ideas... probably I will not be able
to help with code :-) )

- Fabio



More information about the pmwiki-users mailing list