[Moin-user] ACL for attachment

Sandip Bhattacharya sandip at lug-delhi.org
Fri Jul 16 09:09:06 EDT 2004

On Friday 16 July 2004 8:51 pm, Thomas Waldmann wrote:
> As long as you run the standard moin configuration + allowing AttachFile
> action, the worst thing that can happen is that somebody uploads many
> and/or big files. Not a big problem usually, everybody can delete them
> again, so soft security applies.

Actually it is a good risk in hosting environments when the disk quota is 
limited - can server as an easy DoS method by making any additions impossible 
unless somebody with delte privileges comes along, hunts down and deletes teh 
offending attachment.

> > if enabled for public, isnt there an acl statement for attach privileges?
> They are currently using the same read/write/delete ACLs as the page
> they are attached to.

This does make sense for now, though.

> If we would find enough reason to handle them separately, we could do
> it. But I currently see no reason, why we should do that.

Actually, I wanted to have a wiki in which articles are written by a team, and 
opened for comments to the public. Only the team members/authors can edit the 
main article and /or add suitable images if necessary. Maybe too much of a 
specific case.

- Sandip

Sandip Bhattacharya
sandip (at) puroga.com
Puroga Technologies Pvt. Ltd.
Work: http://www.puroga.com        Home: http://www.sandipb.net

GPG: 51A4 6C57 4BC6 8C82 6A65 AE78 B1A1 2280 A129 0FF3

More information about the Moin-user mailing list