[pmwiki-users] Maybe i'm dumb

Patrick R. Michaud pmichaud at pobox.com
Fri Apr 15 16:00:32 CDT 2005


On Fri, Apr 15, 2005 at 04:52:04PM -0400, Radu wrote:
> It's a new addition
> 
> (:if auth !admin:)
> code seen by other than admins
> (:if auth admin:)
> code seen by admins
> (:if:)
> 
> Hey, what happens to these kind of things when someone looks at such a page 
> and presses "Show Source"?

If someone views the HTML source in the browser, then the text
isn't even there -- it's removed from the output entirely by
the conditional markup.

However, if someone has read permission to the page and uses 
?action=source, they'll see the entire source including the
conditional markups.  As per my earlier message today [1], I 
think I'm going to take the position that PmWiki's smallest 
atom of security is the page, and not individual pieces of the page.
In other words, (:if ...) is a useful way for suppressing parts of
a page but not for protecting it.

Pm

[1] http://www.pmichaud.com/pipermail/pmwiki-users/2005-April/012494.html



More information about the pmwiki-users mailing list