[Pmwiki-users] security problem -> edit password
Jonathan Scott Duff
duff
Fri Jan 23 07:54:11 CST 2004
On Fri, Jan 23, 2004 at 01:11:06PM +0100, lists at basel-inside.ch wrote:
> > Just the moment i found a mysterious thing.
>
> > Some of my pages i have secured with a password on read-level. This works so
> > far fine but if i add the param =edit directly to the uri then i can read
> > the contents of the secured page without being asked for a password.
> >
> > Is this a known problem?
> >
> > What can i do to workaround this?
>
> A read password doesn't imply a edit protection,
Perhaps it should. A "common sense" way things should work is that the
read password should prevent people from reading the page via normal
browsing, ?action=edit, and ?action=source.
What says the list?
-Scott
--
Jonathan Scott Duff
duff at lighthouse.tamucc.edu
More information about the pmwiki-users
mailing list