Item1485: _default web permissions are wrong

Priority: Urgent
Current State: Closed
Released In: 1.0.5
Target Release: patch
Applies To: Engine
Component:
Branches:
Reported By: CrawfordCurrie
Waiting For:
Last Change By: KennethLavrsen
When a new web is created, the permissions are automatically rewritten to allow the creating user edit access to the preferences. Despite this, the _default web still has open access, making it a prime target for a spammer.

Close the permissions in the _default web down. Only the web creator has access.

_empty web too.

-- CrawfordCurrie - 21 Apr 2009

I assume this will close the original issue raised in Tasks.Item1415. (I am still interested in hearing comments on my suggestion about enhancing the web creation process; it would close a gap between web creation and setting access controls.)

-- IsaacLin - 21 Apr 2009

Yes; see my remark in that item.

-- CrawfordCurrie - 23 Apr 2009

ItemTemplate edit

Summary _default web permissions are wrong
ReportedBy CrawfordCurrie
Codebase
SVN Range SVN 3596: Foswiki-1.1.0-dev, Sat, 18 Apr 2009, build 3507
AppliesTo Engine
Component
Priority Urgent
CurrentState Closed
WaitingFor
Checkins distro:0770051bf1e5 distro:b1684ac4cf7c distro:4d21e9e41bcf distro:24a78d6badb6
TargetRelease patch
ReleasedIn 1.0.5
Topic revision: r6 - 25 Apr 2009, KennethLavrsen
 
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. Creative Commons License