[Moin-user] ACL for attachment
Sandip Bhattacharya
sandip at lug-delhi.org
Fri Jul 16 09:09:06 EDT 2004
On Friday 16 July 2004 8:51 pm, Thomas Waldmann wrote:
> As long as you run the standard moin configuration + allowing AttachFile
> action, the worst thing that can happen is that somebody uploads many
> and/or big files. Not a big problem usually, everybody can delete them
> again, so soft security applies.
Actually it is a good risk in hosting environments when the disk quota is
limited - can server as an easy DoS method by making any additions impossible
unless somebody with delte privileges comes along, hunts down and deletes teh
offending attachment.
>
> > if enabled for public, isnt there an acl statement for attach privileges?
>
> They are currently using the same read/write/delete ACLs as the page
> they are attached to.
This does make sense for now, though.
>
> If we would find enough reason to handle them separately, we could do
> it. But I currently see no reason, why we should do that.
Actually, I wanted to have a wiki in which articles are written by a team, and
opened for comments to the public. Only the team members/authors can edit the
main article and /or add suitable images if necessary. Maybe too much of a
specific case.
- Sandip
--
Sandip Bhattacharya
sandip (at) puroga.com
Puroga Technologies Pvt. Ltd.
Work: http://www.puroga.com Home: http://www.sandipb.net
GPG: 51A4 6C57 4BC6 8C82 6A65 AE78 B1A1 2280 A129 0FF3
More information about the Moin-user
mailing list