[pmwiki-users] Security/information leak in PmWiki
Stefano
steagl at people.it
Sat Feb 19 11:11:42 CST 2005
On Thu, 17 Feb 2005 13:18:24 -0600, "Patrick R. Michaud"
<pmichaud at pobox.com> wrote:
>On Thu, Feb 17, 2005 at 01:22:12PM -0500, Neil Herber wrote:
>> 1) If I search for "/", PmWiki gladly displays the group name and the name
>> of all the pages it contains. Names like Private.Budget seem to attract
>> attention.
>> 2) By using various search terms, I can glean some information from the
>> supposedly private pages. For example, if I search for "Project X" and get
>> a hit on the page "Private.Budget", that implies some discussion of the
>> project in the budget.
>
>Remove the Private group from searches, by adding:
>
> $SearchPatterns['default'][] = '!^Private\.!';
> $SearchPatterns['all'][] = '!^Private\.!';
> $SearchPatterns['normal'][] = '!^Private\.!';
>
>> 3) The AllRecentChanges page exposes all of the editing activity in the
>> Private group.
>
>In local/Private.php, add
>
> unset($RecentChangesFmt['Main.AllRecentChanges']);
How can I do it for only some specific pages in a category?
--
Stefano Aglietti - StallonIt on IRCnet - ICQ#: 2078431
Email: steagl at people.it - steagl at despammed.com
BlogPage: http://www.40annibuttati.it/
PGP keys available on keyservers (encrypted & signed PGP mail welcome)
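
The search exclusion from the quoted reply, narrowed from a whole group to specific pages, as an added example that is not part of the original thread and not PmWiki's own code; it covers search listings only, not RecentChanges. Assumptions: the page names and the `filter_page_names` helper are hypothetical, and a `!`-delimited pattern excludes matching page names while any other pattern must match.

```php
<?php
// Added example, not PmWiki source. It emulates the page-name filtering
// step so the effect of each pattern can be checked offline.

$SearchPatterns = array('default' => array());

// Whole-group exclusion, exactly as given in the quoted reply.
$SearchPatterns['default'][] = '!^Private\.!';

// Per-page exclusion: only the named pages of a group are hidden.
// "Projects", "Budget" and "Salaries" are hypothetical names.
$SearchPatterns['default'][] = '!^Projects\.(Budget|Salaries)$!';

// Hypothetical helper. Assumption: '!' as the regex delimiter marks an
// exclusion pattern; any other delimiter marks a required pattern.
function filter_page_names(array $names, array $patterns) {
  $kept = array();
  foreach ($names as $name) {
    $ok = true;
    foreach ($patterns as $pat) {
      $hit = preg_match($pat, $name) === 1;
      $exclude = ($pat[0] === '!');
      // Drop the page if an exclusion matches or a requirement fails.
      if ($exclude ? $hit : !$hit) { $ok = false; break; }
    }
    if ($ok) $kept[] = $name;
  }
  return $kept;
}

// Constructed sample page names.
$pages = array(
  'Main.HomePage',
  'Private.Budget',
  'Projects.Budget',
  'Projects.Salaries',
  'Projects.Roadmap',
  'Projects.BudgetNotes', // kept: the pattern is anchored with $
);

print_r(filter_page_names($pages, $SearchPatterns['default']));
```

Anchoring the per-page pattern with `$` matters: without it, `Projects.BudgetNotes` would be hidden along with `Projects.Budget`.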