Item1485: _default web permissions are wrong
Priority: Urgent
Current State: Closed
Released In: 1.0.5
Target Release: patch
Applies To: Engine
Component:
Branches:
When a new web is created, the permissions are automatically rewritten to allow the creating user edit access to the preferences. Despite this, the _default web still has open access, making it a prime target for a spammer.
Close the permissions in the _default web down. Only the web creator has access.
_empty web too.
--
CrawfordCurrie - 21 Apr 2009
I assume this will close the original issue raised in
Tasks.Item1415. (I am still interested in hearing comments on my suggestion about enhancing the web creation process; it would close a gap between web creation and setting access controls.)
--
IsaacLin - 21 Apr 2009
Yes; see my remark in that item.
--
CrawfordCurrie - 23 Apr 2009