[Moin-user] User Security - sometimes

Juergen Hermann jh at web.de
Tue May 14 23:13:03 EDT 2002

On Tue, 14 May 2002 17:40:29 -0700 (PDT), Adam Shand wrote:

>so if something like this works:
> http://domian.net/moin.cgi?page=FrontPage
>then we're both screwed :-)

It doesn't, but that does not mean 100% security, e.g. a user can subscribe 
to hidden pages, be it willingly or not, and there's the XMLRPC interface.

Edit restrictions should be tight though, unless someone uses GET to save a 
page (which 1.1 will forbid).

Ciao, Jürgen

More information about the Moin-user mailing list