Tags:
create new tag
view all tags

Question

Oops. One of my company's users just created a personal sidebar (pattern skin). Great feature. It probably even asked him for his name and password.

Then it allowed him to edit the personal sidebar for TWikiGuest. Not good.

Can we prevent this? Can you guys do something to TWiki to prevent this??

How about checking if the user name doesn't match the owner of the sidebar page when the edit starts up? It is, afdter all, supposed to be a "personal" side bar (and it's not easy to tell that you're not where you think you are.

If I tried to edit ~/.cshrc and got /etc/cshrc instead I would be embarrassed - and my sysadmin would be unhappy.

Environment

TWiki version: TWikiRelease02Sep2004
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS:  
Web server:  
Perl version:  
Client OS:  
Web Browser:  
Categories: Permissions, Authorisation, Skin

-- VickiBrown - 17 Dec 2004

Answer

Would you be up for coding a change for this? If you have a lot of changes you'd like to make you would probably enjoy developer access to the subversion repository.

-- MartinCleaver - 17 Dec 2004

How about simply creating the guest sidebar and locking edit down to the admin group?

-- PeterThoeny - 17 Dec 2004

A fine workaround. I have created a personal sidebar for TWikiGuest that says:

You are TWiki Guest!

You will need to authenticate yourself to edit any pages. Be sure to register if you haven't already done so.

-- VickiBrown - 17 Dec 2004

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2004-12-17 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.