[pmwiki-users] Adding something like '?action=version'? (Was: Version of Pmwiki)
Patrick R. Michaud
pmichaud at pobox.com
Thu Apr 12 09:21:31 CDT 2007
On Thu, Apr 12, 2007 at 04:05:44PM +0200, christian.ridderstrom at gmail.com wrote:
> >One reason why PmWiki hasn't provided something like this by default is
> >that some administrators would prefer that PmWiki version information
> >not be easily available to others (especially malicious programs).
>
> Do you think such an administrator will manage to remove the {$Version}
> from the page PmWiki.PmWiki?
Some will, some won't. Overall I think it's primarily an issue of
perception -- administrators perceive a potential problem if
configuration information about the site is readily available
via urls in a number of locations. That's why many administrator
choose to suppress the "Server:" HTTP response and any other
information that might be of use to an attacker.
> Maybe what a paranoid administrator really needs is a setting
> $EnablePmWikiVersionInfo
> that can be disabled to stop showing the version in any way?
The following will do it:
unset($FmtPV['$Version']);
unset($FmtPV['$VersionNum']);
> ...
> So what pmwiki-mode needs is really any method
> that allows to determine the version info ... hmm, actually it's probably
> more like the version of PmWiki's API.
This is why I think we need a special action or variant of
?action=source that provides any additional information that
pmwiki-mode and other tools need.
Pm
More information about the pmwiki-users
mailing list