A thought on access permissions and renaming a topic in %MAINWEB%
If a user topic SomeUser contained in SomeGroup is renamed to SomeOtherGroup, then the user topic can be used to enlarge the set of users belonging to the initial SomeGroup.
This is not a bug, because the rename code correctly checks for ALLOWCHANGETOPIC of the SomeGroup and renames links in it only if the user has change privilege on that topic.
I am wondering if there is some way to use this to gain higher privileges ...
If so, all TWikiAdmins should keep a vigilant eye on the ALLOWWEBRENAME property of the %MAINWEB% and ALLOWTOPICCHANGE in all group topics.
I should update my GroupsMap to take care of this ...
-- AndreaSterbini - 01 Jan 2002