Originated in TWiki:Support/IsTrashASecurityHole
: For installations that use read access control, the Trash web should be view access restricted.
For Dakar I suggest to do this:
- Set the ALLOWTOPICVIEW by default to TWikiAdminGroup
- Test if non-admin users are still able to delete content into Trash (possible in Cairo)
Since this security setting might not apply to all sites it could be done optional. In which case, it should be described in the installation instructions (and Trash web left open).
TWiki needs to be as secure as possible by default - we must set ALLOWTOPICVIEW to the AdminGroup
I did some testing and it works to set ALLOWEBVIEW to TWikiAdminGroup
. Implemented this and added note about this setup in Trash
Reopening this, see today's entry at TWiki:TWiki:Support/IsTrashASecurityHole
with: The text of the topic after the move gets replaced by "No permission to read topic Trash.Topic - perhaps you need to log in?"
This is a Cairo issue that might be carried over into Dakar.
Could someone test if a person who is not in the TWikiAdminGroup can trash a topic and an attachment?
works fine on my dakar test setup -- SD