[pmwiki-users] Maybe i'm dumb
Patrick R. Michaud
pmichaud at pobox.com
Fri Apr 15 16:00:32 CDT 2005
On Fri, Apr 15, 2005 at 04:52:04PM -0400, Radu wrote:
> It's a new addition
>
> (:if auth !admin:)
> code seen by other than admins
> (:if auth admin:)
> code seen by admins
> (:if:)
>
> Hey, what happens to these kind of things when someone looks at such a page
> and presses "Show Source"?
If someone views the HTML source in the browser, then the text
isn't even there -- it's removed from the output entirely by
the conditional markup.
However, if someone has read permission to the page and uses
?action=source, they'll see the entire source including the
conditional markups. As per my earlier message today [1], I
think I'm going to take the position that PmWiki's smallest
atom of security is the page, and not individual pieces of the page.
In other words, (:if ...) is a useful way for suppressing parts of
a page but not for protecting it.
Pm
[1] http://www.pmichaud.com/pipermail/pmwiki-users/2005-April/012494.html
More information about the pmwiki-users
mailing list