[Moin-user] Disable Global Macros

Jim Popovitch yahoo at jimpop.com
Mon Mar 24 11:44:31 EDT 2008


On Mon, Mar 24, 2008 at 8:20 AM, Thomas Waldmann <tw-public at gmx.de> wrote:
> > Is there a cfg option, or other method, to disable some of the Globla
>  > macros?  I google'd a bit and couldn't find anything.
>
>  No, you can't.
>
>  You could override them via a plugin macro of the same name though.

Ahh, good idea.

>  Why would one want that?

I'm just trying to reduce potential attack/nuisance vectors, as well
as pare down a wiki to better understand what pieces will need
migrating to v1.6.  For instance AutoAdminGroup has user account names
in it that anybody could very well create on anyone else's wiki....
yet, it takes a config file tweak to enable AutoAdminGroup...however
there is no mention in the docs or .cfg that by enabling a security
policy (something a lot of wiki owners might be keen to doing) that
you would be giving 2 pre-existing users some interesting permissions
on your wiki.

I guess I just keep running into what I would characterize as "soft
security" issues, so this past weekend was spent on minimizing their
potential.

-Jim P.




More information about the Moin-user mailing list