incubator-bloodhound-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joachim Dreimann <joachim.dreim...@wandisco.com>
Subject Re: Default access policy for anonymous users on installation
Date Thu, 17 May 2012 16:08:33 GMT
I would err on the side of caution:
If something that should be public isn't, not much harm is done.
If something that should not be public is, much harm could be done.

It's all shades of grey, but by default I would not provide view or other
permissions to users that aren't logged in.

Besides corporate deployments I would expect Bloodhound to be commonly used
for other Open Source projects though where it should be really easy for
the Administrator to change this setting. How that should look can be
a separate discussion if we decide to go down that route.

- Joe

On 17 May 2012 10:15, Gary <gary.martin@wandisco.com> wrote:

> Hi,
>
> I'll try not to bias the following by appearing to show a preference here
> but I was wondering how people feel about a change in default access
> permissions for anonymous users.
>
> Currently Trac appears to give view permissions to anonymous users for a
> wide range of resources including wiki pages and tickets.
>
> As this is a question about the default policy, the question can be framed
> as the following choice:
>
> 1. Leave anonymous users with the current view permissions or
> 2. Remove all view permissions for anonymous users for the default install
>
> This makes it separate to the question of whether we provide any extra
> help in choosing an appropriate access policy, at install time or
> otherwise, but I would be happy to hear any thoughts that people have on
> that too.
>
> Cheers,
>    Gary
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message