[pmwiki-users] Request for changing the default upload policy

Mikael Nilsson mini at nada.kth.se
Wed Dec 21 14:13:40 CST 2005


Wed 2005-12-21 at 12:08 -0600, Patrick R. Michaud wrote:
> On Wed, Dec 21, 2005 at 05:39:40PM +0100, Mikael Nilsson wrote:
> > After having gone through the process of trying to secure my wiki, or at
> > least parts of it, I'd like to request a change in default settings for
> > uploads to be per-page, and not per-group.
> > ...
> > So the questions are: 
> > 1. Is the performance issue real/common?
> > 2. is it very common to use attachments on more than one page?
> 
> 1. It's not at all an issue of performance -- the way in which the
> attachments are organized shouldn't affect performance.

Are you sure? Note that I refer to $EnableDirectDownloads...

From http://www.pmwiki.org/wiki/Cookbook/SecureAttachments:

"By default when PmWiki generates "Attach:" links, it creates them as
"direct" links into the webserver directory. 

This has some advantages and disadvantages. The biggest advantage is
that it's fast, in that the webserver doesn't have to execute a PHP
script in order to return the appropriate file to the browser. The
webserver can also take care of determining the appropriate Content-Type
for the file."

> 
> 2. For most of the places where I've used PmWiki, it has been quite 
> common to share attachments among multiple places in a group, as 
> well as wanting to be able to quickly list all of the attachments 
> used by a group (as opposed to having to go through each page to
> see them).  Using per-page attachments in these instances would've
> been a big pain.

Agreed. However, consider my real-life situation:

I have a group called MyCompany on my otherwise open wiki not related to
the company, used for company-internal stuff. It's read-protected. Now,
I've documented work for a client on one of the pages, and I want to
give the client read-access to that page. Fine, I use ?action=attr and
add a password and give that to the client. 

However, suddenly the client has read-access to *all* my
company-internal uploads. Baaad, and not what I expected.

Sure, I could solve that by having a new group specifically for this
purpose, with suitably tailored authentication. But that does not match
my workflow....

Again, the issue is one of expectations - I did not expect that to
happen, so I first missed it completely. Note that I'm not blaming
anyone, and no harm has actually been done... I just want to make sure
others are not bitten by this.

Sharing attachments is not a big pain, given the
Attach:Page/filename.txt syntax.

However, quickly listing attachments is worse. Maybe you need an
(:attachlist group=... name=... :) markup similar to (:pagelist:), only
it only returns attachments.


> Your points about the security implications of read-protected pages
> and attachments are quite valid, but I'm not sure that it's enough
> to warrant changing the default setting.  In my experience most
> places that have read-protection do so on entire groups or the entire
> site and not individual pages (but I could be wrong about this also).

No, I think you are right, that is the natural way to organize
authentication, and I use it extensively. The situation arose for me
when I wanted to deviate from that in a single instance.

However, see the next mail for a solution.

/Mikael
-- 
The more things change, the more they stay the same
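As an added illustration (not from this thread, not the "next mail" solution, and not PmWiki's own code), here is a local/config.php fragment that puts the default layout the thread objects to next to a per-page layout with downloads routed through PmWiki, so the page's read password is actually checked. $EnableDirectDownloads is the setting named in the message; $UploadPrefixFmt, $EnableUpload and $UploadDir are PmWiki settings not mentioned in the thread, and the group/page names and the path are placeholders.

```php
<?php
// local/config.php fragment (added example, not part of the thread).
// Scenario from the message: group MyCompany is read-protected, and one page
// in it (here called ClientReport) gets its own read password for a client.

$EnableUpload = 1;

// --- Default layout: one uploads directory per group, and Attach: links point
// straight at the webserver directory. Fast, and the webserver picks the
// Content-Type, but the webserver never consults PmWiki's page passwords.
//
// $UploadPrefixFmt = '/$Group';      // uploads/MyCompany/<file>
// $EnableDirectDownloads = 1;        // Attach: -> /uploads/MyCompany/<file>
//
// Effect: the client's password for ClientReport is enough to fetch any file
// under uploads/MyCompany/, because the per-page read check never runs.

// --- Per-page layout, files served through PmWiki instead.
$UploadPrefixFmt = '/$Group/$Name';   // uploads/MyCompany/ClientReport/<file>
$EnableDirectDownloads = 0;           // Attach: -> ?action=download&upname=...
                                      // which applies the page's read permission
                                      // (and costs a PHP request per download,
                                      // the trade-off the cookbook quote describes)

// Route downloads through PmWiki only helps if the directory is not also
// reachable by a direct URL, so keep it outside the document root.
// (Placeholder path; adjust for the host.)
$UploadDir = '/var/lib/pmwiki-uploads';
```

Sharing a file between pages still works with the Attach:Page/filename.txt form mentioned above; only the page that owns the file decides who may read it.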
