[pmwiki-users] Re: pmwiki-users Digest, Vol 3, Issue 1

Patrick R. Michaud pmichaud at pobox.com
Thu Sep 1 16:14:09 CDT 2005

On Thu, Sep 01, 2005 at 01:57:22PM -0700, H. Fox wrote:
> > > Listing pages that the user cannot display makes no sense of course.
> > 
> > Actually, there are environments and applications where it *does* make
> > sense.  At any rate, PmWiki leaves it up to the administrator via
> > the above option.
> Why not protect by default and have unprotecting be an option?

We could do that, but there are a few reasons for the existing 
unprotected default.  One reason is history; existing wikis are 
using the existing setting, and it's not always nice to suddenly 
change the default on admins when they upgrade.  Even if we put big 
stars and warnings around the change, many admins will upgrade across 
multiple releases and miss it.  Another reason is just consistency; 
in general most things in a default PmWiki install are relatively open, 
so pagelists probably ought to follow that rule.  But mostly it's 
practical; it's easier to notice that a page is listed and shouldn't 
be than it is to notice that a page that isn't shown ought to be.

I'll put a note about $EnablePageListProtect in the sample-config.php
file, which ought to be a big help.  However, it's worth pointing out
that read-protected pages still appear in the RecentChanges and
AllRecentChanges lists, so even this is an imperfect solution.


More information about the pmwiki-users mailing list