[dokuwiki] Re: securing images in namespaces
- From: LSimonsen@xxxxxxxxxxxxx
- To: <dokuwiki@xxxxxxxxxxxxx>
- Date: Mon, 19 Dec 2011 09:27:30 -0700
Hi,
On Sat, Dec 17, 2011 at 12:07 AM, <LSimonsen@xxxxxxxxxxxxx> wrote:
> I have uploaded an pdf file as an image and can link to it in a name
space.
> a page in another namespace that links to this image can open it even
> though the user does not have access to the namespace. is there a
control I
> have not checked. the ACL is setup and works for pages in the
namespace.
Are you sure you have uploaded the image in the namespace that is
protected? Media files are organized in namespaces similar to pages,
only namespace ACLs are applied to media files. Media files are not
attached to pages, so it doesn't matter in which page the media files
was originally used.
Michael
I have uploaded the image (.pdf file) to the namespace ('esp').
pages outside of the namespace can access the file in the namespace.
looking at the IE source I see this link.
http://arndv1/FCD_wiki/lib/exe/fetch.php?media=esp:g0-0.pdf
the users ACL entry for esp namespace is
esp:*
10002261
None Read Edit Create Upload Delete
what more can I do to limit the media fetch?
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Other related posts:
