-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es ________________________________________ From: [email protected] [[email protected]] On Behalf Of Vincent Massol [[email protected]] Sent: 13 February 2012 18:09 To: XWiki Users Subject: Re: [xwiki-users] security breach?
On Feb 13, 2012, at 5:47 PM, <[email protected]> <[email protected]> wrote: > Hi! > > Under certain circunstances I'm not able to identify, even though a given > I've no access to a given XWiki page, it is possible to access/download their > attached files provided you know their URLs. > > Please, could you figure out why this could happen? Thanks! >> Can you reproduce it? And if so, can we get access to a page showing the >> symptom or could you tell us how to reproduce? >> >> Without more details it's going to be hard to figure out. >> >> Thanks >> -Vincent Hi, Vincent, No, I've not been able to reproduce it yet. The issue arose sometime ago when an user claims that a paper of him, ready to be published by a first line magazine, appears indexed by Google even though it was theoretically protected within a XWiki installation. Please, check this: http://atrium_km.idisantiago.es/bin/Project/Transcan2012 - you must be required to identify http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/S28BW.numbers.png - at least from my browsers here, this image is freely accessible... some cache related issue? http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/idisMotto.png - you are required to identiy; this file is attached to the same page! Vincent, do you remember your account at EPEC Network? Atrium_KM is now the controller of the whole farm. I've chaged eBioTIC. look and feel to fit the image requirements of this new initiative. I do hope I'll be able to get it bak ASAP! I've created a new account for you there and I'm sending you a new password. Thanks! Ricardo > This is causing me some serious problems here. Running XWiki Enterprise > 2.4.30451. > > Greetings! > > Ricardo > > -- > Ricardo Rodríguez > Research Management and Promotion Technician > Health Research Institute of Santiago de Compostela (IDIS) > http://www.idisantiago.es > > Nota: A información contida nesta mensaxe e os seus posibles documentos > adxuntos é privada e confidencial e está dirixida únicamente ó seu > destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, > por favor elimínea. A distribución ou copia desta mensaxe non está autorizada. > > Nota: La información contenida en este mensaje y sus posibles documentos > adjuntos es privada y confidencial y está dirigida únicamente a su > destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, > por favor elimínelo. La distribución o copia de este mensaje no está > autorizada. > > See more languages: http://www.sergas.es/aviso_confidencialidad.htm _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada. Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada. See more languages: http://www.sergas.es/aviso_confidencialidad.htm _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
