[pmwiki-users] concerning GroupAttributes a potential security risk

The Editor editor at fast.st
Tue Nov 4 06:53:49 CST 2008


On Tue, Nov 4, 2008 at 6:29 AM, Hans <design5 at softflow.co.uk> wrote:
> Tuesday, November 4, 2008, 10:55:48 AM, Swift, Chris wrote:
>
>> Do you think the idea of using autorestore for the
>> Example.GroupAttributes is a good method of fixing the problem
>> concerning the openness of Example.GroupAttributes, or do you (or
>> anyone else) recommend a different approach?
>
> Well it may prevent someone permanently locking the group.
> But really one would want to lock the GroupAttributes page, so that
> only the admin can change attributes of it.
> I don't know how to do this.
> I hope Patrick has an answer for this.

Don't you just set the attributes for the attributes page itself.
Just go to group.attr&action=attr or something like that. Then you
can't change the attr for that group without knowing the password.

It's been a while since I've done this so I may not recall the exact
syntax properly, but I think this may be correct.  I'm sure it's in
the docs--how to set the attributes for a specific page.

Cheers,
Dan



More information about the pmwiki-users mailing list