[development] Requiring node revisions

Karthik narakasura at gmail.com
Thu Jun 7 19:20:10 UTC 2007


On 07/06/07, David Strauss <david at fourkitchens.com> wrote:
> Karthik wrote:
> > One of many scenarios where this will prove to be a hindrance:
> >
> > 1. I create a page using the PHP filter containing sensitive information.
> > 2. I forget to select the PHP input format.
> > 3. I notice this and edit the page again and select the correct format.
> > 4. I think all is well.
> >
> > Anybody who can view revisions will be able to see my sensitive
> > information.
>
> On any site, viewing old revisions should be restricted to only the most
> trusted users unless you're trying to operate like a wiki. As long as we
> default to denying anonymous and authenticated users the right to view
> old revisions, I think we'll be fine here.

Right now, I don't have to do or worry about any of this. I can see
that it's a PHP page and just choose not to create a revision or
disable it altogether for all page nodes by default.

Choice, Choice, Choice ...
-K

