[pmwiki-users] self-registering for notification emails
Neil Herber
nospam at eton.ca
Mon Jun 5 09:23:46 CDT 2006
At 2006-06-05 09:11 AM -0500, Ben Wilson is rumored to have said:
>For what it's worth, I am beginning to take a different approach to
>the same thing. When you use (:if:) conditionals to conceal text,
>remember that if a user can ?action=source, then the concealed text is
>available.
Hi Ben
I am not sure that you have to be quite this cautious. Action
"source" requires "edit" permission (at least it does on my wikis).
One potential security leak is action "diff" which will expose edits
to anyone with read access. The way around that is to recreate the
page without history after an edit.
Neil Herber
Corporate info at http://www.eton.ca/
More information about the pmwiki-users
mailing list