[pmwiki-users] Security issue: Site/SideBar has set the nopasswd option
Stefan Schimanski
sts at 1stein.org
Fri Jul 7 18:35:49 CDT 2006
Hallo PmWiki developers,
I found out today, that for the months I am using pmwiki my Site/SideBar
was writable by everybody although I implemented authorization for the
site. The problem is that in the wikilib.d/Site.SideBar the nopasswd
option is set, probably to allow editing the sitebar while the remaining
Site wiki is readonly. But I am sure that a lot of users (found another
site immedeately by just browsing your success story list), will oversee
that and open their Sitebar for writing... I consider that as a security
risk.
Stefan Schimanski
More information about the pmwiki-users
mailing list