[drupal-devel] private but unprotected blogs

Fredrik Jonsson frjo at xdeb.org
Sun Oct 9 20:00:17 UTC 2005

Eric Crump 2005-10-03 19.25 -0500 wrote:

>I have one site that I'm using for a college class and the whole 
>site is supposed to be private, that is, for class use only. I 
>thought that would simply be a matter of giving anonymous users *no* 
>privileges in 'access control' and for the most part, that seems to 
>work. Anonymous users get 403s wherever they go *except* if they 
>type the path to a user's blog.
>For any path 'http://site.org/blog/x' the blog teasers and links 
>display just fine! If they click on a link, they get 403ed, but 
>since anon users don't have content access privileges, this seems 
>weird to me that they can see the titles and teasers for blogs.

I can replicate this bug on Drupal 4.6.3. Please create an issue 
about it on drupal.org:



Web site: <http://xdeb.org/wiki/Fredrik>

More information about the drupal-devel mailing list