
Opened 13 years ago

Last modified 8 years ago

#10334 new enhancement

Privilege for viewing Wiki page history

Reported by: soco@…
Owned by:
Priority: normal
Milestone: unscheduled
Component: wiki system
Version:
Severity: normal
Keywords: privileges, wiki, security
Cc:
Branch:
Release Notes:
API Changes:
Internal Changes:

Description

Wiki page histories sometimes provide a security concern when revisions may have contained unprotected sensitive data. TracProtected is a very handy macro, but non-authenticated users can easily browse the Wiki page's history for revisions with unprotected data.

While removing or pruning Wiki page histories goes against the revision concept, a privilege specific to viewing old Wiki page revisions should alleviate this concern.

In practice it could be defaulted to allow all, but easily be a privilege given only to authenticated users when revision history security becomes a concern.


Change History (2)

comment:1 by Remy Blank, 13 years ago

Milestone: unscheduled

This shouldn't be too difficult to implement even in a plugin, by implementing IPermissionRequestor and IPermissionPolicy.

comment:2 by Peter Suter, 8 years ago

Related to #11263.
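
A minimal sketch of the plugin approach suggested in comment:1, added here as an example; it is not code from the Trac project or from the commenters. The permission name `WIKI_HISTORY_VIEW` and the `decide()` helper are hypothetical, and the sketch assumes Trac passes a wiki resource carrying a `version` when a specific old revision is requested; it does not cover the history listing or diff views.

```python
"""Sketch: gate old wiki revisions behind a separate permission."""

HISTORY_ACTION = 'WIKI_HISTORY_VIEW'  # hypothetical name, not defined by Trac


def decide(action, resource, has_history_perm):
    """Return False to deny, or None to defer to the next policy.

    has_history_perm is a callable so the extra permission lookup
    only happens when an old revision is actually being requested.
    """
    if action != 'WIKI_VIEW' or resource is None:
        return None
    if getattr(resource, 'realm', None) != 'wiki':
        return None
    if getattr(resource, 'version', None) is None:
        return None  # latest revision: behaviour unchanged
    return None if has_history_perm() else False


try:
    from trac.core import Component, implements
    from trac.perm import IPermissionPolicy, IPermissionRequestor
except ImportError:
    Component = None  # Trac not installed; decide() can still be exercised

if Component is not None:
    class WikiHistoryPolicy(Component):
        """Denies WIKI_VIEW on versioned wiki resources without the new action."""
        implements(IPermissionRequestor, IPermissionPolicy)

        # IPermissionRequestor: register the new action with Trac
        def get_permission_actions(self):
            return [HISTORY_ACTION]

        # IPermissionPolicy: True = allow, False = deny, None = no opinion
        def check_permission(self, action, username, resource, perm):
            return decide(action, resource, lambda: HISTORY_ACTION in perm)


if __name__ == '__main__':
    from types import SimpleNamespace
    # Constructed sample resource standing in for trac.resource.Resource
    old = SimpleNamespace(realm='wiki', id='Secrets', version=3)
    print(decide('WIKI_VIEW', old, lambda: False))  # anonymous, old revision
```

For the policy to take effect it has to be listed in `permission_policies` under `[trac]` in trac.ini ahead of `DefaultPermissionPolicy`. Granting `WIKI_HISTORY_VIEW` to `anonymous` gives the allow-all default the description proposes.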
