2 Apr
2014
2 Apr
'14
10:40 a.m.
Admin right is not deniable and it implies at the other rights except
programming. See
http://extensions.xwiki.org/xwiki/bin/view/Extension/Security+Module#HDefau…
. So admins should be able to view/edit/delete any page from the wiki
they administer, independent of the rights set on those pages.
A bad user could write though something like this:
{{velocity}}
#if ($hasAdmin)
Nice content
#else
Bad content
#end
{{/velocity}}
To prevent this you can use the watch list to get a mail with the
changes produced in the wiki and review those changes regularly (i.e.
look at the raw content not just at the rendered content) .
Hope this helps,
Marius.
On Fri, Mar 28, 2014 at 6:52 PM, Patrick Masson <masson(a)opensource.org> wrote:
I'm concerned some may be using the MyDashboard
feature of their profile
page to post inappropriate content. What access rights do admins have on
pages that are located off the MyDashboard or where permissions are set so
that only some registered users may see them?
Let's say a user was using our site to post/distribute/develop child
pornography or malware?
Patrick
--
|| | | |||| || || | |||| ||| | |||
Patrick Masson
General Manager, Director & Secretary to the Board
Open Source Initiative
855 El Camino Real, Ste 13A, #270
Palo Alto, CA 94301
United States
Skype: massonpj
sip: masson(a)getonsip.com
<https://www.getonsip.com/call?a=masson@getonsip.com>
Ph: (970) 4MASSON
Em: masson(a)opensource.org <mailto:masson@opensource.org>
Ws: www.opensource.org <http://www.opensource.org>
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users