[dokuwiki] Re: disableactions and searchsnippets

Andreas Gohr wrote: 
Hi all!

I just thought about the new disableactions feature. If someone disables the source view he'd probably expect that this would protect the raw source of pages completely (eg to do some crazy stuff like embedding php and putting passwords in it) however using the search could reveal parts of this source through the snippets again.

What do you think? Do we need to care for this or should we simply make it clear that this is not a real security feature?
I vote for this one, perhaps add some extra hooks to make it feasible to add a search plugin. I see disabling showsource button as a user interface improvement for CMS style wiki's (guests can read but not edit) rather than a security thing. If there are uses which currently require secure data to be included in the raw wiki text, then perhaps different ways of handling those uses need to be explored - by those who have added features with those requirements.

And if we care, how do we do it? even if we disable search snippets when viewsource is disabled, one could probably gather info by the pure fact if search produces a hit or not... 
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: