group Next Big Thing: Register for the Foswiki Camp 2015 now. ... group Annual Foswiki Association meeting: Friday 20th March 2015 at 1300Z

Item11194: Add to warning for AuthScripts list

Priority: Normal
Current State: Closed
Released In: 1.1.4
Target Release: patch
Applies To: Engine
Component: Configure
Branches:
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
Statistics can create a significant server workload. It's probably best to restrict statistics to logged in users.

Add a config checker to warn if statistics script is not restricted.

Also, if LoginManager is not set to TemplateLogin, it is critical that the AuthScripts setting agree with the list of scripts protected in the web server configuration. Add a warning - "Verify that the AuthScripts setting is consistent with the alternative protection mechanism, such as the Apache FilesMatch or LocationMatch setting.

-- GeorgeClark - 21 Oct 2011

It doesn't make sense to warn about a configuration that is not default. Reopening to add statistics to the list of default protected scripts. Also we are missing compareauth so I'll add that here as well. And to continue with task abuse, adding a list of the open scripts as a note under AuthScripts - makes it easier to see what's missing.

-- GeorgeClark - 21 Nov 2011
 
Topic revision: r15 - 17 Dec 2011, GeorgeClark
 

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. Creative Commons License