[pmwiki-users] unset password = history gone?
Patrick R. Michaud
pmichaud at pobox.com
Thu Dec 15 09:07:08 CST 2005
On Thu, Dec 15, 2005 at 09:12:02AM -0500, Russ Fink wrote:
> Hello - I observed a behavior, and wondered if this is intentional. If so,
> Very Cool! Here is what happened.
> I had a password-protected group and a HomePage in that group with some
> phone numbers on it. I edited the page, erased the phone numbers, clicked
> on save, and then went to the group and set the read-only password to
> "clear." I left the edit and attr passwords set, however.
> I was concerned about people being able to access the freshly deleted phone
> numbers, so I went to the page and selected "history" to see if I could
> recall the sensitive information - but it came up blank. Hooray!
> Tell me, why is this? Is it a fluke of my setup, intelligent design, or
> because I still had the edit password set on the page?
What version of PmWiki are you running? If you're running something
earlier than 2.0.11, there was a rather large bug (I don't know when
it was introduced) that would cause the page history to be lost
whenever any password was changed. I'm guessing that's what happened
here. In later versions that doesn't happen.
> In general, if I really want to be sure about scrubbing sensitive
> information from history logs, particularly of those pages whose content I
> "declassify," what do I have to do?
Take a look at http://www.pmwiki.org/wiki/Cookbook/ExpireDiff, which
can be used to remove page revision history information from a page.
More information about the pmwiki-users