• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Locking down user home pages was added to Dakar, it is a requirement to work around the issue of sending password reminders.

This is bad for several reasons:

  • A typical TWiki installation behind firewall (TWiki:Codev.TWikiMission) uses external authentication (LDAP, NIS etc) where password reminders are not applicable
  • It sends the wrong message. Wiki collaboration needs to be open for all. Locking down ones home page brings us back to the database world with tight access control, which is the opposite of free form wiki collaboration. Lets remove that mental barrier to collaboration
  • Other users can't fix typos on user home pages
  • Other users can't send a message to another user (barn star etc)

Peter pointed out this design issue to Martin several month ago in an IM conversation but we collectively took no action.

Possible solution is to store e-mail addresses internally in TWiki (and keep the e-mail in the user home page). Whenever a user saves his/her own topic the internal address gets updated (and ignored if someone else changes the e-mail address)

  • Can this information could be stored in .htaccess? MC
  • Not sure it can. It does not need to be. It can be a separate .emails file PTh



If I recall correctly, we discussed to add the e-mail address to the wite protected TWikiUsers topic, e.g.

  • SomeUser - somelogin - someuser@somwhere.org - 05 Oct 2005


In retrospect might be better to have them completely invisible, as it is too easy to filter out the spam filter.

However, now we have the UserList topics does anyone except the administrator need access to view TWikiUsers?

We do need to ensure the login name is viewable by the user, but that might be better as a lookup displayed on the user's home page.


I understand the points made, and don;t like locking down home pages, but I can't see us coming up with an alternative in the immediate future. Deferred - we should address this in Edinburgh.


Not agreed, this needs to be looked at.


redefered - we are 3 days away from a release candidate. this mean is is too late to change the way things are done.

-- SD

And reopened. Lets look at the outstanding issues together at the time of the release candidate. I am not saying that this must be fixed, just that the options need to be looked at and then decided at the time of RC.


Peter, you are not following the work practice that we are using here in the Bugs web (for months now). we are trying to track what needs to be done, not waht needs to be considered. deffered, until such time as its actively decided to be acted upon. we need to be able make it obvious what the current headline items are.


it's still an "Urgent" thing (which is different than "Requirement"). i also do not like home pages being locked down by default. as previously stated, it's not very wiki-like. otoh, it's not as if home pages have been promoted very heavily for the purpose of communication (like on usemod.com et al); rather, it's more about configuration settings. so there is some tension here as to what they're supposed to do.

reiterating cdot's point, "I understand the points made, and don't like locking down home pages, but I can't see us coming up with an alternative in the immediate future." so, until there is at least a plan of action, or someone is actively working on it, it should stay "Deferred"

sounds perhaps like this discussion should move back to Codev?


Anything that helps fix this collaboration issue should be done. This design issue could be a reason to delay the Dakar release if nobody is actioning on it.


Follow-up in TWiki:Codev/RemoveWriteProtectionOfUserHomePages


Undeferred, post Dakar CC

TWiki4 ships with world-writable user home pages pr. default already, closing this. Report seperate issues hidden in this discussion as new items?

-- SP

Summary User home pages should not be write-protected
ReportedBy PeterThoeny
SVN Range

AppliesTo Engine

Priority Urgent
CurrentState Closed

TargetRelease major
Edit | Attach | Watch | Print version | History: r16 < r15 < r14 < r13 < r12 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r16 - 2006-02-20 - SteffenPoulsen
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback