Hi Niels, Niels Mayer wrote: > In numerous places in the XE1.8m2 interface, the user is exposed to more > information than is necessary, when virtualhosting ( > http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Virtualization ) is > enabled. > > The current virtualhosting implementation seems to assume a shared farm of > wikis where one may want to expose other wikis in the farm. However, one > may also want to use virtualhosting in implementations where there is no > sharing between virtual hosts. > > So for example, we have: > > (1) the column 'Wiki' in Main.SpaceIndex ( e.g. > http://nielsmayer.com/xwiki/bin/view/Main/SpaceIndex?space=Main ) as well as > Main.WebSearch (e.g. > http://nielsmayer.com/xwiki/bin/view/Main/WebSearch?text=fedora&x=0&y=0 ) -- > shows "host_xe_nielsmayer_dot_com" but it doesn't really need to. (should be > optional). > > (2) in the wysiwyg editor's "link editor" ... there's an option-menu "Choose > a wiki: " that > exposes the names of all the wikis, and all their database names. (should be > optional: if "standalone" default to current wiki).
IMO it's just a matter of access rights. If I, the current user, have the right to see MyWiki:MySpace.MyPage then MyWiki should appear in "Choose a wiki" list box, MySpace in "Choose a space" list box and MyPage in "Choose a page" list box. Thanks, Marius > > For these, and potentially other cases, I think this behavior should be > optional, not default. Most virtual wiki setups would not want their wikis > to "see" each other, IMHO. This includes a fairly common scenario -- the > private/public wiki setup -- people inserting links via wysiwyg in the > public wiki shouldn't see all the link-names and spaces in the private wiki. > > Likewise, the notion of global and local users having potential access to > the wiki should be based on whether the virtual-wiki setup is "shared" or > "standalone." > > Finally, exposing the database name of the virtual-wiki (to all search > engines as well) is a small, but unecessary security risk. In #2, for > example, the link editor allows people to see the database names of *all* > the virtual hosts. Also, if one ends up choosing unsightly but descriptive > names like host_xe_nielsmayer_dot_com, users shouldn't need to see it. > > Niels > http://nielsmayer.com > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
