On Mar 27, 2009, at 3:48 PM, Sergiu Dumitriu wrote: > Vincent Massol wrote: >> Hi Hel, >> >> On Mar 27, 2009, at 2:28 PM, hel-o wrote: >> >>> Hi, >>> >>> is there a special reason for that, >> >> Is this is for security issues since one wiki in a farm could >> endanger >> all the wikis in the farm very easily since a local user would get >> access to a powerful API. > > To be more detailed, a user with programming rights has absolute > access > on the whole server (using Groovy), and in a public farm if a wiki > admin > gives himself programming rights, he can seriously affect the entire > server. Imagine if somebody could do anything on the whole Blogspot > farm... > >>> and is it planned for a future release to have the possibility to >>> have programming rights in a virtual wiki? >> >> No. > > It depends. There is an issue on jira.xwiki.org about having an option > for this, defaulting to false, but there's no requirement for this. > Programming rights are really a dangerous thing, I don't see any > need to > grant them to anybody except one global account that decides what is > safe.
Indeed, if you need programming rights for a given api maybe a better way would be to provide that API without programming rights (if it's safe). What's your use case? Thanks -Vincent >>> >>> hel. >>> >>> >>> Hel-o, >>> >>> Only users registered on the main wiki can be granted programming >>> access >>> level. But they can save pages with the programming rights on sub >>> wikis. >>> >>> Jerome. >>> >>> hel-o wrote: >>>> Hi, >>>> >>>> is there a way to give programming rights to a user in a virtual >>>> wiki? >>>> >>>> Thanks >>>> hel. _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
