dynamic wiki content
simon at joyful.com
Wed Nov 17 21:54:10 UTC 2004
>One cannot do anything with DTML that is not already exposed as an
>externally available method from the python code. (e.g. one could
>simply use HTTP GET to run that python method anyway)
That's true; you can visit the appropriate delete method directly and
delete some objects if you have permission.
If you don't have permission, DTML in pages makes it a little easier to
get someone else to do it inadvertently.
I.e., a DTML call can be left lurking in a page to be triggered next time a
logged-in manager views that page. Though we would disallow this as
FWIW members do have permission to delete any page in the wiki via url
right now. In practice those of us who are subscribed (at least) would
notice any unusual deletes, we would undo the actions and investigate.
There is a trade-off between "security" and usability. At some point you
are better off relying on backups and appropriate corrective action when
Feel free to move this thread to e.g. zwiki at zwiki.org if we are getting
More information about the ubuntu-doc