[pmwiki-devel] zap permissions questions

Patrick R. Michaud pmichaud at pobox.com
Tue Dec 19 14:51:15 CST 2006

On Mon, Dec 18, 2006 at 06:24:23AM -0500, The Editor wrote:
> Question 2.  Default permission levels
> I'm also wondering how I should set the default permissions levels.
> If I set them by default for highest security, and then require an
> admin to reset them as needed, they may not grasp how to do this at
> first, and have problems getting zap to work.  (Seems to be a common
> problem).  On the other hand, if I set everything wide open, it will
> be easier for them to get their forms working, but they may fail to
> tighten their security and have security vulnerabilities.  I did
> notice PmWiki is set to be pretty open out of the box, so maybe that
> is the way to go.
> Any thoughts?

For whatever it's worth, PmWiki has taken the viewpoint that
someone trying out a product for the first time wants to see
*something* working quickly, rather than be confronted with a lot
of setup hurdles before anything works.  So, PmWiki is relatively
open out of the box.

Following suggestions from many people on pmwiki-users, PmWiki
will soon be distributed with either a detailed "How to secure
PmWiki" page or a secure.php file example that sets security
to fairly high levels.  This will hopefully make it easy for
an admin to take the other approach -- i.e., default PmWiki
to its highest security settings, and then start to back things
down from there.

Hope this helps,


More information about the pmwiki-devel mailing list