CarlosAB wrote, > Is ZAP secure? I remember some long threads just talking about it. > > I'm sorry if it is not true, but that's how I remember it and the reason why > I'm trying to code a registration recipe myself.
For those who didn't read those long threads talking about ZAP security, here's the quick summary: ZAP is based on the assumption that you will only let people you trust edit pages on your wiki. Like CommentBox and some other forms recipes, ZAP allows users without edit privileges to write predetermined kinds of information to pages, but unlike those other recipes, anyone *with* edit privileges can determine the kinds of information that are written. So if you want your wiki to be open to editing by any and every person and bot on the Internet, as it is by default, then ZAP is not for you. However, if you only allow people you trust to edit pages, then ZAP is as trustworthy as they are. Unfortunately installing ZAP does not lock down your site; you have to do that yourself as a separate step. That's part of why I plan to release a ZAP CMS bundle with all of that already done, so that it can be secure out of the box. As for a separate registration recipe, that's great! I hope you will make it compatible with the PmForms framework if possible. Thanks! --Ben S. _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
