View Issue Details

ID: 0000132
Project: WackoWiki
Category: security
View Status: public
Last Update: 2009-08-19 09:38
Reporter: administrator
Assigned To: Tann San
Priority: high
Severity: major
Reproducibility: N/A
Status: resolved
Resolution: fixed
Product Version: 4.2
Target Version: 4.3.rc
Fixed in Version: 4.3.rc
Summary: 0000132: Installer should check if base pages have appropriate ACLs, else update values
Description: affects all previous releases
Installer should check ACL values
- base pages ACL edit -> Admins
- base pages ACL comments -> $

we could make this an option to choose
Tags: SPAM

Relationships

related to 0000098 (resolved, Tann San): Updates needed with installer

Activities

Tann San

2007-11-28 20:50

manager   ~0000202

already fixed by vendeeglobe

administrator

2007-11-29 10:38

administrator   ~0000211

it's not fixed, this issue should fix all previous installations already running; see, these pages mostly still have their former ACL settings

Tann San

2007-11-29 11:07

manager   ~0000212

You can't decide that; it's up to each admin to decide for themselves. Some wikis would want to have an "anyone can write" policy.

administrator

2007-11-29 15:05

administrator   ~0000214

"yes and no", but you see my intention: it's a real problem for normal users to see or even understand this, and I see this too often - vulnerable and spammed base pages while the "wiki" itself is protected

Tann San

2007-11-29 16:10

manager   ~0000215

Well, really it's not our duty to protect everyone's sites. Once the wiki main site is polished up a bit we can have a FAQ section and one of the FAQs can be "What can I do to stop my home page being spammed?" and then in there we talk them through securing their site via ACLs. It's better to educate people to the correct usage of the wiki instead of forcing every wiki upgrader to have their permissions reset.

Issue History

Date Modified Username Field Change
2007-11-23 07:12 administrator New Issue
2007-11-23 07:12 administrator Legacy => NEW
2007-11-23 07:17 administrator Relationship added related to 0000098
2007-11-23 07:31 administrator Tag Attached: SPAM
2007-11-28 20:42 Tann San Status new => assigned
2007-11-28 20:42 Tann San Assigned To => Tann San
2007-11-28 20:50 Tann San Status assigned => resolved
2007-11-28 20:50 Tann San Fixed in Version => 5.0.0
2007-11-28 20:50 Tann San Resolution open => fixed
2007-11-28 20:50 Tann San Note Added: 0000202
2007-11-29 10:38 administrator Note Added: 0000211
2007-11-29 10:39 administrator Status resolved => feedback
2007-11-29 10:39 administrator Resolution fixed => reopened
2007-11-29 11:07 Tann San Note Added: 0000212
2007-11-29 15:05 administrator Note Added: 0000214
2007-11-29 16:10 Tann San Note Added: 0000215
2007-11-30 10:53 administrator Description Updated
2007-12-12 19:04 Tann San Status feedback => resolved
2007-12-12 19:04 Tann San Resolution reopened => fixed
2009-08-19 09:22 administrator Fixed in Version 5.0.0 => 4.3.rc
2009-08-19 09:38 administrator Target Version 5.0.0 => 4.3.rc
2010-03-08 10:22 administrator Category Security => security