[Moin-user] User Security - sometimes
Juergen Hermann
jh at web.de
Tue May 14 23:13:03 EDT 2002
On Tue, 14 May 2002 17:40:29 -0700 (PDT), Adam Shand wrote:
>so if something like this works:
>
> http://domian.net/moin.cgi?page=FrontPage
>
>then we're both screwed :-)
It doesn't, but that does not mean 100% security, e.g. a user can subscribe
to hidden pages, be it willingly or not, and there's the XMLRPC interface.
Edit restrictions should be tight though, unless someone uses GET to save a
page (which 1.1 will forbid).
Ciao, Jürgen
More information about the Moin-user
mailing list