On Fri, 21 Jul 2006 12:52:53 +0100 Alastair McKinstry wrote: > I use moinmoin as a CMS for a website. As such, I have certain pages > with ACLs attached, so that they are not visible; e.g. > > #acl AuthorsName:read.write,revert All: > > Typcially I have a sub-page included to another page to pull in a link > to these. This works well, so no-one can see my new page > TopSecretNewContract, or access it directly via an URL. > > However RecentChanges lists the new pages, and comments, and who is > working on them, thus leaking information.
Thanks for reporting. As I understand it, the current ACL implementation only promise to control the *content*, not the activities surrounding the content. Do you agree? - Jonas -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ - Enden er nær: http://www.shibumi.org/eoti.htm
pgpywWYQPKqhG.pgp
Description: PGP signature
