>>> Op Zondag 8 Februari 2009 om 22:53 is door Helmut Tischer >>> <htischer@xxxxxxxxxxxxxxxxx> geschreven: If a unknown internet user knows the URL of the mediamanager in a DokuWiki, the person can browse and examine the full media file tree, even if this is a closed wiki. Helmut, I have a dw installation were only the root:start page is visible to visitors, for the rest the people need to login. When I open the mediamanager url as a non-logged-in user, I can see nothing; no namespaces and no media. When I log in as a user who has not the rights to all namespaces, I can see only the namespaces he has access to and so also the media he has access to. So I see no reason for using the patch (on my installation that is); am I missing something? Maybe I just can't see what you mean but I do want to know if my dw is secure. Regards, Paul