Hi,
On Thu, Jun 30, 2011 at 8:15 AM, Paul Harris <harris.pc(a)gmail.com> wrote:
Hi guys,
I installed the "Admin Tools" plugin
http://extensions.xwiki.org/xwiki/bin/view/Extension/AdminTools
And found that half the stuff didn't work anyway.
Regardless, carrying on, I am hoping the User Rights tool will be helpful,
however it can't seem to check the most important user:
the Unregistered User
And what is worse, I discovered by accident that the Unregistered User can
access the space!
For example, an unregistered user can access the /xwiki/Admin/RunQuery
page,
which could be used to run queries directly on the database, for example
select * from xwikipreferences
Does this give anyone else a heart attack too??
I don't think this "extension" is part of the standard XE/XEM release. You
should be careful when installing extensions.
WHY is there no default "cannot view unless admin says so" mode?
This is a problem with all of my spaces. When I create a space, I want to
then have to go and ALLOW people to access it. Not open by default, that
is
much harder to configure.
It's a wiki, and wikis are supposed to be open by default. If the the
default behaviour is "closed", it would be hard for a normal user to create
a space and allow other users to contribute content (he'll have to wait for
the admin to open that space).
This is only my personal understanding and I'm not a professional XWiki
user, so let's wait for some other views as well.
Thanks.
- Asiri
Can someone please look at rights management, it seems to be insecure by
default, and makes me scared.
thanks.
Paul
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users