Hi, On Thu, Jun 30, 2011 at 8:15 AM, Paul Harris <harris...@gmail.com> wrote:
> Hi guys, > > I installed the "Admin Tools" plugin > http://extensions.xwiki.org/xwiki/bin/view/Extension/AdminTools > > And found that half the stuff didn't work anyway. > > Regardless, carrying on, I am hoping the User Rights tool will be helpful, > however it can't seem to check the most important user: > the Unregistered User > > And what is worse, I discovered by accident that the Unregistered User can > access the space! > For example, an unregistered user can access the /xwiki/Admin/RunQuery > page, > which could be used to run queries directly on the database, for example > select * from xwikipreferences > > Does this give anyone else a heart attack too?? > I don't think this "extension" is part of the standard XE/XEM release. You should be careful when installing extensions. > > WHY is there no default "cannot view unless admin says so" mode? > This is a problem with all of my spaces. When I create a space, I want to > then have to go and ALLOW people to access it. Not open by default, that > is > much harder to configure. > It's a wiki, and wikis are supposed to be open by default. If the the default behaviour is "closed", it would be hard for a normal user to create a space and allow other users to contribute content (he'll have to wait for the admin to open that space). This is only my personal understanding and I'm not a professional XWiki user, so let's wait for some other views as well. Thanks. - Asiri > > Can someone please look at rights management, it seems to be insecure by > default, and makes me scared. > > thanks. > Paul > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
