(Following up on pmwiki-devel) On Tue, May 01, 2007 at 08:21:04PM -0500, Patrick R. Michaud wrote: > All of this is just a way of saying that I think we need > a different overall solution to the problem here -- i.e., > being able to bypass edit to write to *any* page is too > blunt an instrument for what we're trying to achieve.
Whatever happened to the "append" level of security that you were considering as a solution to adding blogging/commenting capability to PmWiki? One of the things that has bothered me about ZAP is not quite that it bypasses PmWiki security(*), but that it has its own security model that bypasses PmWiki security. This concerns me for a few different reasons: (a) more complicated: there are two security systems (b) uncertain: ZAP's security has had less testing (c) is it necessary? I know that security is complicated. Even adding "append" security is complicated. And what does one do if one wants, say, for people to be able to edit some parts of a page (like certain PTVs) and not others? Though I guess that can be gotten around by splitting the content into two pages. (*)My own IncludeUpload bypasses PmWiki security, but I've made it quite clear that it is not secure. Kathryn Andersen -- _--_|\ | Kathryn Andersen <http://www.katspace.com> / \ | \_.--.*/ | GenFicCrit mailing list <http://www.katspace.com/gen_fic_crit/> v | ------------| Melbourne -> Victoria -> Australia -> Southern Hemisphere Maranatha! | -> Earth -> Sol -> Milky Way Galaxy -> Universe _______________________________________________ pmwiki-devel mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
