[pmwiki-users] Security issue: Site/SideBar has set the nopasswd option

Stefan Schimanski sts at 1stein.org
Fri Jul 7 18:35:49 CDT 2006


Hallo PmWiki developers,

I found out today, that for the months I am using pmwiki my Site/SideBar
was writable by everybody although I implemented authorization for the
site. The problem is that in the wikilib.d/Site.SideBar the nopasswd
option is set, probably to allow editing the sitebar while the remaining
Site wiki is readonly. But I am sure that a lot of users (found another
site immedeately by just browsing your success story list), will oversee
that and open their Sitebar for writing... I consider that as a security
risk.

Stefan Schimanski





More information about the pmwiki-users mailing list