Except that any other JSPWiki instance with XML-RPC turned on could
potentially have access to all that private information. I'd have to
put in a check to see that the source and target wikis were okay.
Probably not a bad feature for the plugin anyway.
Can't you control that through Apache .htaccess rules per-IP?
That's what I do - I restrict connections only to certain IP
addresses (or ranges) for security-critical services.
And yeah, the XML-RPC routines should mind the security/access
control now, too, so adding an username/pwd combo to the transclude
plugin might be a good idea as well.
Hmm. That sounds promising. I wouldn't return empty content but
probably
a default "no access" page. But wouldn't having two wiki instances
(i.e.,
two WikiEngines) mean that there could be sync or overwrite
problems? I
mean, even if the one wiki is read-only, it will still be edited at
times by the admin group. Oh, unless you mean that the public pages
also show up as pages on the private wiki. Hmm. Interesting idea...
Yes, exactly. All edits are done in the private wiki - but the
public wiki only shows just a few, key, selected pages.
(The good thing being that if you shut down the other, the other
still keeps running. So you can upgrade the private one without
disrupting the public one.)
/Janne
_______________________________________________
This is the Jspwiki-users mailing list, in which we discuss the
stable release (even-numbered, 2.4.x, 2.6.x), and user-issues.
For development discussion, please join jspwiki-dev.
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList
