[dokuwiki] Security whole ?

• From: Ruslan Zasukhin <sunshine@xxxxxxxxxxxxxxxxx>
• To: "dokuwiki@xxxxxxxxxxxxx" <dokuwiki@xxxxxxxxxxxxx>
• Date: Thu, 02 Feb 2006 01:15:53 +0200

Hi All,

We have in DW folder-namespace techdocs.

This namespace in ACL marked as
    only developers can read it and write.

So I have Logout and enter wiki as anonymous.

* from start page exists link to techdocs. If I try go by link,
    it show Permission denied. OK
 
* But now I click INDEX button, and I see

    techdocs
        folder1
        folder2
            folder3
        folder4

I.e. I see the whole folder hierarchy INSIDE of hidden area.

I do not see pages, right, but I do not want expose even the folder
hierarchy, because it already show additional information which I do not
want to expose.

And I think that INDEX must not show even techdocs folder itself to
anonymous.


Andreas, can this be fixed easy somehow ?
    if yes, can you show patch of code ?


-- 
Best regards,

Ruslan Zasukhin
VP Engineering and New Technology
Paradigma Software, Inc

Valentina - Joining Worlds of Information
http://www.paradigmasoft.com

[I feel the need: the need for speed]


-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

• Follow-Ups:
  • [dokuwiki] Re: Security whole ?
    • From: Carl Thorpe
  • [dokuwiki] Re: Security whole ?
    • From: Andreas Gohr

Other related posts:

• » [dokuwiki] Security whole ?
• » [dokuwiki] Re: Security whole ?
• » [dokuwiki] Re: Security whole ?
• » [dokuwiki] Re: Security whole ?
• » [dokuwiki] Re: Security whole ?

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page
• » View list details
• » Manage your subscription