Privilege for viewing Wiki page history
|Reported by:||Owned by:|
|Severity:||normal||Keywords:||privileges, wiki, security|
Wiki page histories sometimes provide a security concern when revisions may have contained unprotected sensitive data. TracProtected is a very handy macro, but non authenticated users can easily browse the Wiki page's history for revision with unprotected data.
While removing or pruning Wiki page histories goes against the revision concept, a privilege specific to viewing old Wiki page revisions should alleviate this concern.
In practice is could be defaulted to allow all, but easily be a privilege given only to authenticated users when revision history security becomes a concern.