You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Harry Metske (JIRA)" <ji...@apache.org> on 2009/02/15 14:37:00 UTC
[jira] Commented: (JSPWIKI-502) Show Wikipages in Search without
Authorization
[ https://issues.apache.org/jira/browse/JSPWIKI-502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12673643#action_12673643 ]
Harry Metske commented on JSPWIKI-502:
--------------------------------------
The idea is good, but we should first agree that this improvement is not a security issue.
If you search for "MySecretWord" and you are told that page XYZ contains it (and you are not allowed to view that page), information from that page is disclosed while it should not.
Or does this call for an additional (complexity increasing) option in jspwiki.properties, so you have the choice ?
> Show Wikipages in Search without Authorization
> ----------------------------------------------
>
> Key: JSPWIKI-502
> URL: https://issues.apache.org/jira/browse/JSPWIKI-502
> Project: JSPWiki
> Issue Type: Improvement
> Affects Versions: 2.8.1
> Reporter: Kurt Stein
> Attachments: screenshot-1.jpg
>
>
> I often have the problem that users tell me: "I can´t find the information in the wiki."
> But I know that it is actually there. So they don´t have the authorization to view the page and therefore the search filters the page away.
> So here is my question: Why don´t we show the user that there is a page that contains the information he is searching for and he simply does not have the authorization to see it. (see screenshot)
> Then he can ask for the permission instead of making stupid stuff like creating a new page for his issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.