[pmwiki-users] Re: pmwiki-users Digest, Vol 3, Issue 1
Patrick R. Michaud
pmichaud at pobox.com
Thu Sep 1 16:14:09 CDT 2005
On Thu, Sep 01, 2005 at 01:57:22PM -0700, H. Fox wrote:
> > > Listing pages that the user cannot display makes no sense of course.
> > Actually, there are environments and applications where it *does* make
> > sense. At any rate, PmWiki leaves it up to the administrator via
> > the above option.
> Why not protect by default and have unprotecting be an option?
We could do that, but there are a few reasons for the existing
unprotected default. One reason is history; existing wikis are
using the existing setting, and it's not always nice to suddenly
change the default on admins when they upgrade. Even if we put big
stars and warnings around the change, many admins will upgrade across
multiple releases and miss it. Another reason is just consistency;
in general most things in a default PmWiki install are relatively open,
so pagelists probably ought to follow that rule. But mostly it's
practical; it's easier to notice that a page is listed and shouldn't
be than it is to notice that a page that isn't shown ought to be.
I'll put a note about $EnablePageListProtect in the sample-config.php
file, which ought to be a big help. However, it's worth pointing out
that read-protected pages still appear in the RecentChanges and
AllRecentChanges lists, so even this is an imperfect solution.
More information about the pmwiki-users