[pmwiki-users] Maybe i'm dumb

Radu radu at monicsoft.net
Fri Apr 15 16:15:04 CDT 2005


Added to
http://www.pmwiki.org/wiki/PmWiki/ConditionalMarkup

I hope it's appropriate.

At 05:00 PM 4/15/2005, Patrick R. Michaud wrote:
>On Fri, Apr 15, 2005 at 04:52:04PM -0400, Radu wrote:
> > It's a new addition
> >
> > (:if auth !admin:)
> > code seen by other than admins
> > (:if auth admin:)
> > code seen by admins
> > (:if:)
> >
> > Hey, what happens to these kind of things when someone looks at such a 
> page
> > and presses "Show Source"?
>
>If someone views the HTML source in the browser, then the text
>isn't even there -- it's removed from the output entirely by
>the conditional markup.
>
>However, if someone has read permission to the page and uses
>?action=source, they'll see the entire source including the
>conditional markups.  As per my earlier message today [1], I
>think I'm going to take the position that PmWiki's smallest
>atom of security is the page, and not individual pieces of the page.
>In other words, (:if ...) is a useful way for suppressing parts of
>a page but not for protecting it.
>
>Pm
>
>[1] http://www.pmichaud.com/pipermail/pmwiki-users/2005-April/012494.html

Cheers,
Radu
(www.monicsoft.net) 




More information about the pmwiki-users mailing list