AIR Wiki: Access Control

Access Control

This version of Wikka has been patched so that groups are supported. Currently, two groups exist: UserGroupAllEditors and UserGroupAir.

Important Security Note for Users with a UserPage:
If you have a UserPage, be sure to visit the ACL (Access Control List) of your page (a link can be found at the bottom of your page), and change the (default) write permissions so that only you can change your page. Otherwise, everyone can alter it.

Access Control Explained

There are four types of access control:

read permission. This is by default set to '*', meaning that every one may read any page.
write permissions. The is by default set to '+', meaning that everyone with an account can edit any page. Since everyone can make an account, this implies that by default everyone can edit any page. In the future, this will probably be changed to 'UserGroupAllEditors'. Write permissions apply to both new pages as well as existing pages. In addition, most "public" pages (pages like the front page, the serach page and those with Categories) have been changed so that only members of the UserGroupAir have write permissions.
Comment permissions. This applies only to the ability to create new comments on a page. By default this is set to '+', meaning that everyone can add comments. Only the page owner, the person who made the comment and the WikiAdmins may delete a particular comment.
Access Control (ACL) permissions. This is fixed, and only the owner, which is listed on the bottom of the page, and the WikiAdmins can change the access control list. Changing the ACL allows the owner of a particular page to change the read, write and comment permission of a page. For example, the owner may want to restrict write access to only his- or herself, or to the UserGroupAir. Some pages may still list 'Public page' rather then a specific owner. Since that is no specific owner, no-one but the site admin(s) can change the ACL of those particular pages.

Script Kiddies, take notice

We allow anyone to register and alter these pages. So indeed, script-kiddies (and spambots) can change the pages very easily. As for the bots -- let's see if the security of Wikka stays up with the advancement of the spambots. Maybe at some point, you will have to confirm your mail address, etc. etc. As for the script kiddies, I'm sure they will deface a page or two in the future. That's predictable. I just hope they don't see much fun in it (all that happens is that they take some of my time to do a roll-back (yes all pages ever changed are stored in an archive). If it takes too much times, well, we just disable free registration, and ask you to mail me for an account. That's it. So, dear bots and script kiddies -- have fun wasting your and my time. But you will not impress me. Take up a *real* challenge∞ instead.