incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harry Metske (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JSPWIKI-502) Show Wikipages in Search without Authorization
Date Sun, 15 Feb 2009 13:37:00 GMT

    [ https://issues.apache.org/jira/browse/JSPWIKI-502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12673643#action_12673643
] 

Harry Metske commented on JSPWIKI-502:
--------------------------------------

The idea is good, but we should first agree that this improvement is not a security issue.
If you search for "MySecretWord" and you are told that page XYZ contains it (and you are not
allowed to view that page), information from that page is disclosed while it should not.

Or does this call for an additional (complexity increasing) option in jspwiki.properties,
so you have the choice ?


> Show Wikipages in Search without Authorization
> ----------------------------------------------
>
>                 Key: JSPWIKI-502
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-502
>             Project: JSPWiki
>          Issue Type: Improvement
>    Affects Versions: 2.8.1
>            Reporter: Kurt Stein
>         Attachments: screenshot-1.jpg
>
>
> I often have the problem that users tell me: "I can´t find the information in the wiki."

> But I know that it is actually there. So they don´t have the authorization to view the
page and therefore the search filters the page away. 
> So here is my question: Why don´t we show the user that there is a page that contains
the information he is searching for and he simply does not have the authorization to see it.
(see screenshot)
> Then he can ask for the permission instead of making stupid stuff like creating a new
page for his issue.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message