[pmwiki-users] Maybe i'm dumb
radu at monicsoft.net
Fri Apr 15 16:15:04 CDT 2005
I hope it's appropriate.
At 05:00 PM 4/15/2005, Patrick R. Michaud wrote:
>On Fri, Apr 15, 2005 at 04:52:04PM -0400, Radu wrote:
> > It's a new addition
> > (:if auth !admin:)
> > code seen by other than admins
> > (:if auth admin:)
> > code seen by admins
> > (:if:)
> > Hey, what happens to these kind of things when someone looks at such a
> > and presses "Show Source"?
>If someone views the HTML source in the browser, then the text
>isn't even there -- it's removed from the output entirely by
>the conditional markup.
>However, if someone has read permission to the page and uses
>?action=source, they'll see the entire source including the
>conditional markups. As per my earlier message today , I
>think I'm going to take the position that PmWiki's smallest
>atom of security is the page, and not individual pieces of the page.
>In other words, (:if ...) is a useful way for suppressing parts of
>a page but not for protecting it.
More information about the pmwiki-users