Hi guys,

I installed the "Admin Tools" plugin
http://extensions.xwiki.org/xwiki/bin/view/Extension/AdminTools

And found that half the stuff didn't work anyway.

Regardless, carrying on, I am hoping the User Rights tool will be helpful,
however it can't seem to check the most important user:
the Unregistered User

And what is worse, I discovered by accident that the Unregistered User can
access the space!
For example, an unregistered user can access the /xwiki/Admin/RunQuery page,
which could be used to run queries directly on the database, for example
select * from xwikipreferences

Does this give anyone else a heart attack too??

WHY is there no default "cannot view unless admin says so" mode?
This is a problem with all of my spaces.  When I create a space, I want to
then have to go and ALLOW people to access it.  Not open by default; that is
much harder to configure.

Can someone please look at rights management? It seems to be insecure by
default, and makes me scared.

thanks.
Paul
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
