NOTE: If you are a developer, please use a private wiki based on foswiki/trunk on a daily base ...or use trunk.foswiki.org to view this page for some minimal testing.
Use Item9693 for docu changes for 1.2 and 2.0.

You are here: Foswiki>Tasks Web>Item1485 (25 Apr 2009, KennethLavrsen)

Item1485: _default web permissions are wrong

Priority:	CurrentState:	AppliesTo:	Component:	WaitingFor:
Urgent	Closed	Engine

When a new web is created, the permissions are automatically rewritten to allow the creating user edit access to the preferences. Despite this, the _default web still has open access, making it a prime target for a spammer.

Close the permissions in the _default web down. Only the web creator has access.

_empty web too.

-- CrawfordCurrie - 21 Apr 2009

I assume this will close the original issue raised in Tasks.Item1415. (I am still interested in hearing comments on my suggestion about enhancing the web creation process; it would close a gap between web creation and setting access controls.)

-- IsaacLin - 21 Apr 2009

Yes; see my remark in that item.

-- CrawfordCurrie - 23 Apr 2009

ItemTemplate edit

Summary	_default web permissions are wrong
ReportedBy	CrawfordCurrie
Codebase
SVN Range	SVN 3596: Foswiki-1.1.0-dev, Sat, 18 Apr 2009, build 3507
AppliesTo	Engine
Component
Priority	Urgent
CurrentState	Closed
WaitingFor
Checkins	Foswikirev:3598 Foswikirev:3599 Foswikirev:3634 Foswikirev:3635
TargetRelease	patch
ReleasedIn	1.0.5

Topic revision: r6 - 25 Apr 2009, KennethLavrsen

Tasks

Submit and Query

Create Task

Developer Tasks

Non Developer Tasks

Developer Tools

Tools

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement.