On 07/06/07, David Strauss <david@fourkitchens.com> wrote:
Karthik wrote:
One of many scenarios where this will prove to be a hindrance:
1. I create a page using the PHP filter containing sensitive information.
2. I forget to select the PHP input format.
3. I notice this and edit the page again and select the correct format.
4. I think all is well.
Anybody who can view revisions will be able to see my sensitive information.
On any site, viewing old revisions should be restricted to only the most trusted users unless you're trying to operate like a wiki. As long as we default to denying anonymous and authenticated users the right to view old revisions, I think we'll be fine here.
Right now, I don't have to do or worry about any of this. I can see that it's a PHP page and just choose not to create a revision or disable it altogether for all page nodes by default. Choice, Choice, Choice ... -K