You are here: Foswiki>Tasks Web>Item2248 (06 Jan 2015, GeorgeClark)Edit Attach

Item2248: If a user does not have permission to use view a web, don't use that web's SKIN setting.

pencil
Priority: Enhancement
Current State: Confirmed
Released In: n/a
Target Release: n/a
Applies To: Engine
Component: FoswikiPrefs
Branches:
Reported By: SvenDowideit
Waiting For:
Last Change By: GeorgeClark
as it breaks the security principle of not revealing un-authorised facts to unauthorised users.

it should fall back on the site's skin

(ok, so this may not be desirable for sites where security isn't as major a concern, some of us have users that don't want other users to know about their confidential webs - and the skin is a bit of a giveaway)

I may make a plugin to see how this can be implemented, but more likely it'll be an extra expert cfg option for the templateLoginManager

-- SvenDowideit - 14 Oct 2009

ItemTemplate edit

Summary If a user does not have permission to use view a web, don't use that web's SKIN setting.
ReportedBy SvenDowideit
Codebase trunk
SVN Range SVN 5263: Foswiki-1.1.0-dev, Sat, 10 Oct 2009, build 5251
AppliesTo Engine
Component FoswikiPrefs
Priority Enhancement
CurrentState Confirmed
WaitingFor
Checkins
TargetRelease n/a
ReleasedIn n/a
CheckinsOnBranches
trunkCheckins
masterCheckins
ItemBranchCheckins
Release01x01Checkins
Edit  | Attach | Print version | History: r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r2 - 06 Jan 2015, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy