[ewiki] Re: ewiki_nowiki? (no CamelCase) | restricting search | NewFileSystem requests
- From: Andy Fundinger <andy@xxxxxxxxxxx>
- To: "'ewiki@xxxxxxxxxxxxx'" <ewiki@xxxxxxxxxxxxx>
- Date: Thu, 26 Feb 2004 13:46:20 -0500
> > ##RESTRICT SEARCH
> >
> > Has anyone of you thought of combining the search tools with the
> > authentication-plugins? I ask, because it might be a nice feature to
> > reduce search to pages a searcher has access-rights to. (Though this is
> > not so important.)
>
> Andy does nothing else. ;-)
Right on, I'm slightly out of sync but I have plugins that I maintain a
security watch on and others that are catch as catch can. If you tell me
what you are running I can tell you if I consider it secure.
> Many plugins check for access restrictions, and the code was recently
> moved into the database result wrapper code (for SEARCH and GETALL
> requests namely), so it is available for all requests, including
> the PowerSearch and its page preview. For the search plugin there is
> also additional code, which either allows hiding results or displaying
> "access denied" instead of the preview text.
I don't use this new wrapper code yet (see out of sync comment above) but
PowerSearch skips results which do not ewiki_auth() for the view method when
EWIKI_PROTECTED_MODE and EWIKI_PROTECTED_MODE_HIDING are on or hides the
preview if only EWIKI_PROTECTED_MODE is on. A value of 2 for
EWIKI_PROTECTED_MODE_HIDING will hide all unauthenticated page names in
supporting plugins. This does NOT hide body text links to authenticated
pages though I am considering steps along that line.
-Andy
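
The result handling described in the message above, modelled as an added example (not ewiki's or PowerSearch's own code), together with a check for the gap Andy notes: protected page names that still appear in the body text of pages the searcher may view. `filter_results()`, `leaked_names()`, `$can_view` and the sample pages are hypothetical; `$can_view` stands in for the `ewiki_auth()` check on the view method, the two mode settings are passed as parameters, and the value 2 for hiding is not modelled.

```php
<?php
// Model of the search-result handling described in the message above.
// $can_view is a hypothetical stand-in for the ewiki_auth() check on "view";
// page names and bodies below are constructed sample data.

function filter_results(array $hits, callable $can_view, int $protected, int $hiding): array
{
    $out = [];
    foreach ($hits as $id => $body) {
        $preview = substr($body, 0, 60);
        if (!$protected || $can_view($id)) {
            $out[] = ['page' => $id, 'preview' => $preview];
        } elseif ($hiding) {
            continue; // protected mode + hiding: the hit is skipped entirely
        } else {
            // protected mode only: name stays listed, preview text is withheld
            $out[] = ['page' => $id, 'preview' => 'access denied'];
        }
    }
    return $out;
}

// Protected page names that still appear inside previews of viewable pages.
// Returns [protected page name => page whose preview mentions it].
function leaked_names(array $results, array $all_pages, callable $can_view): array
{
    $leaks = [];
    foreach ($all_pages as $name) {
        if ($can_view($name)) {
            continue;
        }
        foreach ($results as $r) {
            if ($r['preview'] !== 'access denied' && strpos($r['preview'], $name) !== false) {
                $leaks[$name] = $r['page'];
            }
        }
    }
    return $leaks;
}

$hits = [ // constructed search hits: page name => body text
    'PublicNotes' => 'Meeting notes, see PayrollData for the budget figures.',
    'PayrollData' => 'Salaries for 2004 ...',
];
$can_view = function (string $id): bool { return $id !== 'PayrollData'; };

$shown = filter_results($hits, $can_view, 1, 1);
print_r($shown);
print_r(leaked_names($shown, array_keys($hits), $can_view));
```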