--
Ricardo Rodríguez
Research Management and Promotion Technician
Health Research Institute of Santiago de Compostela (IDIS)
http://www.idisantiago.es
________________________________________
From: users-boun...@xwiki.org [users-boun...@xwiki.org] On Behalf Of Vincent 
Massol [vinc...@massol.net]
Sent: 13 February 2012 18:09
To: XWiki Users
Subject: Re: [xwiki-users] security breach?

On Feb 13, 2012, at 5:47 PM, <ricardo.julio.rodriguez.fernan...@sergas.es> 
<ricardo.julio.rodriguez.fernan...@sergas.es> wrote:

> Hi!
>
> Under certain circunstances I'm not able to identify, even though a given 
> I've no access to a given XWiki page, it is possible to access/download their 
> attached files provided you know their URLs.
>
> Please, could you figure out why this could happen? Thanks!

>> Can you reproduce it? And if so, can we get access to a page showing the 
>> symptom or could you tell us how to reproduce?
>>
>> Without more details it's going to be hard to figure out.
>>
>> Thanks
>> -Vincent

Hi, Vincent,

No, I've not been able to reproduce it yet. The issue arose sometime ago when 
an user claims that a paper of him, ready to be published by a first line 
magazine, appears indexed by Google even though it was theoretically protected 
within a XWiki installation. Please, check this:

http://atrium_km.idisantiago.es/bin/Project/Transcan2012 - you must be required 
to identify

http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/S28BW.numbers.png
 - at least from my browsers here, this image is freely accessible... some 
cache related issue?

http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/idisMotto.png 
- you are required to identiy; this file is attached to the same page!

Vincent, do you remember your account at EPEC Network? Atrium_KM is now the 
controller of the whole farm. I've chaged eBioTIC. look and feel to fit the 
image requirements of this new initiative. I do hope I'll be able to get it bak 
ASAP! I've created a new account for you there and I'm sending you a new 
password.

Thanks!

Ricardo

> This is causing me some serious problems here. Running XWiki Enterprise 
> 2.4.30451.
>
> Greetings!
>
> Ricardo
>
> --
> Ricardo Rodríguez
> Research Management and Promotion Technician
> Health Research Institute of Santiago de Compostela (IDIS)
> http://www.idisantiago.es
>
> Nota: A información contida nesta mensaxe e os seus posibles documentos 
> adxuntos é privada e confidencial e está dirixida únicamente ó seu 
> destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, 
> por favor elimínea. A distribución ou copia desta mensaxe non está autorizada.
>
> Nota: La información contenida en este mensaje y sus posibles documentos 
> adjuntos es privada y confidencial y está dirigida únicamente a su 
> destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, 
> por favor elimínelo. La distribución o copia de este mensaje no está 
> autorizada.
>
> See more languages: http://www.sergas.es/aviso_confidencialidad.htm
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users

Nota: A información contida nesta mensaxe e os seus posibles documentos 
adxuntos é privada e confidencial e está dirixida únicamente ó seu 
destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por 
favor elimínea. A distribución ou copia desta mensaxe non está autorizada.

Nota: La información contenida en este mensaje y sus posibles documentos 
adjuntos es privada y confidencial y está dirigida únicamente a su 
destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, 
por favor elimínelo. La distribución o copia de este mensaje no está autorizada.

See more languages: http://www.sergas.es/aviso_confidencialidad.htm
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users

Reply via email to