• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Originated in TWiki:Support/IsTrashASecurityHole : For installations that use read access control, the Trash web should be view access restricted.

For Dakar I suggest to do this:

  • Set the ALLOWTOPICVIEW by default to TWikiAdminGroup
  • Test if non-admin users are still able to delete content into Trash (possible in Cairo)

Since this security setting might not apply to all sites it could be done optional. In which case, it should be described in the installation instructions (and Trash web left open).

-- PTh

TWiki needs to be as secure as possible by default - we must set ALLOWTOPICVIEW to the AdminGroup (and test)

svn:7020 -- SD

I did some testing and it works to set ALLOWEBVIEW to TWikiAdminGroup. Implemented this and added note about this setup in Trash.

svn:7024

DakarReleaseNotes SVN:7026

--LB

Reopening this, see today's entry at TWiki:TWiki:Support/IsTrashASecurityHole with: The text of the topic after the move gets replaced by "No permission to read topic Trash.Topic - perhaps you need to log in?" This is a Cairo issue that might be carried over into Dakar.

Could someone test if a person who is not in the TWikiAdminGroup can trash a topic and an attachment?

-- PTh

works fine on my dakar test setup -- SD

ItemTemplate
Summary Secure Trash web
ReportedBy PeterThoeny
AppliesTo Documentation
Priority Normal
CurrentState Closed
WaitingFor

Checkins 7020 7024 7026
Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r9 - 2005-10-29 - WillNorris
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback