On 23 Mar 2008, at 14:54, Tobias Eigen wrote:
Hi Andi,

It is now possible for unauthenticated people to access all the contents of the _media path, including Google. This is disastrous for us as we have been using the wiki for internal discussions and planning. We have namespaces set up to be public, and others set up to be private. All content uploaded to the wiki, whatever the namespace, is publicly visible.

Maybe I need to phrase the question another way: is it possible to block direct access to the _media path, or to verify that you can only access certain media if you are authenticated for that namespace?

Cheers, Tobias

It's always been possible. DW can't protect you from your webserver. You have two main choices:

- prevent your webserver from directly serving the media files. The standard DW installation includes a ".htaccess" file that denies direct access to files in the data directory -- for webservers that understand them and are configured to use them (e.g. Apache).
- move your data directory outside your webroot.

More information can be found at http://wiki.splitbrain.org/wiki:security

- Chris

--
DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist
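
A local check for the two choices in the reply above, as an added example that is not part of the original thread or DokuWiki's own code. The paths are supplied by the caller, and the Apache directives `Deny from all` / `Require all denied` are assumed as the deny rule because the thread does not quote the file's contents.

```python
import os
import re
import sys

# Deny-all rules in Apache 2.2 ("Deny from all") and 2.4 ("Require all denied").
# Assumption: the thread does not quote the shipped .htaccess, so either form counts.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
                     re.IGNORECASE | re.MULTILINE)


def audit_data_dir(webroot, data_dir):
    """Return (status, detail) describing direct HTTP exposure of data_dir."""
    webroot = os.path.realpath(webroot)    # resolve symlinks before comparing
    data_dir = os.path.realpath(data_dir)
    # Second choice in the reply: the data directory is outside the webroot.
    # commonpath compares whole path components, so /srv/www2 is not "inside" /srv/www.
    if os.path.commonpath([webroot, data_dir]) != webroot:
        return ("outside-webroot", "not reachable through the webroot")
    # First choice: still inside the webroot, so a deny rule has to cover it.
    htaccess = os.path.join(data_dir, ".htaccess")
    if not os.path.isfile(htaccess):
        return ("exposed", "inside webroot, no .htaccess")
    with open(htaccess, encoding="utf-8", errors="replace") as fh:
        if not DENY_RE.search(fh.read()):
            return ("exposed", ".htaccess has no deny-all rule")
    # The file only helps when the server reads it (e.g. Apache configured to
    # use .htaccess files); a server that ignores it serves the files anyway.
    return ("htaccess-only", "protected only if the server honours .htaccess")


if __name__ == "__main__":
    # Usage: python audit.py <webroot> <data_dir>  (both paths are the caller's)
    status, detail = audit_data_dir(sys.argv[1], sys.argv[2])
    print(f"{status}: {detail}")
    sys.exit(0 if status == "outside-webroot" else 1)
```

A result of `htaccess-only` still needs confirming from the outside: request a file under the data directory without logging in and check that the server refuses it.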