[pmwiki-devel] zap permissions questions
Patrick R. Michaud
pmichaud at pobox.com
Tue Dec 19 14:51:15 CST 2006
On Mon, Dec 18, 2006 at 06:24:23AM -0500, The Editor wrote:
> Question 2. Default permission levels
> I'm also wondering how I should set the default permissions levels.
> If I set them by default for highest security, and then require an
> admin to reset them as needed, they may not grasp how to do this at
> first, and have problems getting zap to work. (Seems to be a common
> problem). On the other hand, if I set everything wide open, it will
> be easier for them to get their forms working, but they may fail to
> tighten their security and have security vulnerabilities. I did
> notice PmWiki is set to be pretty open out of the box, so maybe that
> is the way to go.
> Any thoughts?
For whatever it's worth, PmWiki has taken the viewpoint that
someone trying out a product for the first time wants to see
*something* working quickly, rather than be confronted with a lot
of setup hurdles before anything works. So, PmWiki is relatively
open out of the box.
Following suggestions from many people on pmwiki-users, PmWiki
will soon be distributed with either a detailed "How to secure
PmWiki" page or a secure.php file example that sets security
to fairly high levels. This will hopefully make it easy for
an admin to take the other approach -- i.e., default PmWiki
to its highest security settings, and then start to back things
down from there.
Hope this helps,
More information about the pmwiki-devel