[dokuwiki] Re: $INFO

  • From: Gerry Weißbach <gerry.w@xxxxxxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Thu, 19 Nov 2009 23:25:46 +0100

On 19.11.2009 at 23:14, Andreas Gohr wrote:

>> I just installed the latest devel release on my company's test and devel 
>> servers and found the $INFO being published via JavaScript.
>> I consider that a security problem or at least a severe inconvenience for 
>> corporate websites that use DW (such as mine).
> 
> Why? What's in there that's problematic?

There are usernames in it. There is specific file information of the page in it 
(Path on the server ...). The ACL ... settings ...
This is a lot of stuff that I think no one should see especially when the 
"admin" is not aware that it's being "published" or when the wiki is being used 
as corporate website.

It's just a personal feeling (and that of my colleagues) that it's not right to 
have the information there. That's why I'd at least request to add an option to 
hide it.

Does that sound reasonable or somewhat paranoid? (Not sure myself - but I'm 
afraid of leaking too much information)

Gerry. 


--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
