On 8/3/06, Gabriel Birke <gabriel.birke@xxxxxxxxx> wrote:
The thing I described (ACL permissions remaining in the ACL file even when a page is deleted) is NOT the result I want to achieve but **the current behavior of DokuWiki**! I fail to see why cleaning up the ACL file poses a security risk, I think the opposite would be true.
Please pardon me for sticking my 2 cents in.
The ACL as set-up during normal site operations are the accepted standards for page/namespace security during the operation of your site; right?
Then for that reason alone the ACL security should remain the same even if a page is edited into a "deleted" (because the content is empty) status.
Why? Because should that page be created again (for whatever reason; let's just say it was restored from the attic, for example) then does it not stand to reason the past ACL security should still be enforced? Removing an ACL just because a Page or Namespace was deleted does not make good security sense.
Overall the site "admin" should at least excersize more systems administration by periodically reviewing the ACLs and page/namespaces.
But, of course, all this is just my opinion. -- WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/ -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist