[development] Requiring node revisions
David Strauss
david at fourkitchens.com
Thu Jun 7 09:59:51 UTC 2007
Karthik wrote:
> One of many scenarios where this will prove to be a hindrance:
>
> 1. I create a page using the PHP filter containing sensitive information.
> 2. I forget to select the PHP input format.
> 3. I notice this and edit the page again and select the correct format.
> 4. I think all is well.
>
> Anybody who can view revisions will be able to see my sensitive
> information.
On any site, viewing old revisions should be restricted to only the most
trusted users unless you're trying to operate like a wiki. As long as we
default to denying anonymous and authenticated users the right to view
old revisions, I think we'll be fine here.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 186 bytes
Desc: OpenPGP digital signature
Url : http://lists.drupal.org/pipermail/development/attachments/20070607/dfe0b40b/attachment.pgp
More information about the development
mailing list