Item1485: _default web permissions are wrong

Priority: Urgent
Current State: Closed
Released In: 1.0.5
Target Release: patch
Applies To: Engine
Reported By: CrawfordCurrie
Waiting For:
Last Change By: KennethLavrsen
When a new web is created, the permissions are automatically rewritten to allow the creating user edit access to the preferences. Despite this, the _default web still has open access, making it a prime target for a spammer.

Close the permissions in the _default web down. Only the web creator has access.

_empty web too.

-- CrawfordCurrie - 21 Apr 2009

I assume this will close the original issue raised in Tasks.Item1415. (I am still interested in hearing comments on my suggestion about enhancing the web creation process; it would close a gap between web creation and setting access controls.)

-- IsaacLin - 21 Apr 2009

Yes; see my remark in that item.

-- CrawfordCurrie - 23 Apr 2009

ItemTemplate edit

Summary _default web permissions are wrong
ReportedBy CrawfordCurrie
SVN Range SVN 3596: Foswiki-1.1.0-dev, Sat, 18 Apr 2009, build 3507
AppliesTo Engine
Priority Urgent
CurrentState Closed
Checkins distro:0770051bf1e5 distro:b1684ac4cf7c distro:4d21e9e41bcf distro:24a78d6badb6
TargetRelease patch
ReleasedIn 1.0.5
Topic revision: r6 - 25 Apr 2009, KennethLavrsen
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy