Architecture / Installation
Privacy issues

posts: 13

I've posted on this topic a couple of times, but the more I "explore" the Tiki Wiki source, the more concerned I get about privacy and security. It seems to me the ACL mechanisms are pretty much applied only when "convenient". For instance:

1. The Blog RSS "feed" completely bypasses any ACLs set on a blog. Meaning, even if I make a blog completely private, anyone can read it through the RSS (if that feature is enabled).

2. (less severe, but still): All "list" functions (list, ranking, orphaned pages etc.) do not honor any of the ACL mechanism at all. The content is still protected, but IMO if I make a page private (or restricted to a group of people), no one should see anything related to that, if they don't have the right credentials.

3. (not ACL related, but...): SSL support works well, except, the Register feature does not honor the SSL settings.


Of the above, #1 is by far most severe, since it completely bypasses the ACL mechanism. I'm guessing other RSS feeds have similar security "holes" as well, but on my site they get "plugged" since I've fixed the "list" functions to honor ACLs.

-- Leif
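The two ACL problems in the post (a feed that reads storage directly, and listings that show titles the caller may not read) come from the same root cause: the permission check lives in the HTML view instead of in the one place every read path goes through. The following is an added illustration of that pattern and its fix, not Tiki code: the blog/user model, the `can_read` predicate, the `get_blog` gatekeeper and the sample blogs are all hypothetical, and the RSS rendering is a minimal stand-in for a real feed generator.

```python
"""Centralised authorisation for every read path (HTML view, listing, RSS).

Added example, not part of TikiWiki. It models the bug described above:
an ACL enforced on the blog view but skipped by the RSS feed and by list
functions. All names and data here are constructed for the illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional
from xml.sax.saxutils import escape


@dataclass
class User:
    name: str
    groups: FrozenSet[str]


@dataclass
class Blog:
    blog_id: int
    title: str
    allowed_groups: FrozenSet[str]          # empty set means public
    posts: List[str] = field(default_factory=list)


# Constructed sample data: one public blog, one restricted to "Staff".
BLOGS: Dict[int, Blog] = {
    1: Blog(1, "Public news", frozenset(), ["Release 1.9 is out"]),
    2: Blog(2, "Internal", frozenset({"Staff"}), ["Salary review schedule"]),
}


def can_read(user: Optional[User], blog: Blog) -> bool:
    """Single ACL predicate; user=None is the anonymous visitor."""
    if not blog.allowed_groups:
        return True
    if user is None:
        return False
    return bool(user.groups & blog.allowed_groups)


def render_rss(blog: Blog) -> str:
    """Minimal RSS 2.0 rendering; escaping keeps post text out of markup."""
    items = "".join(f"<item><title>{escape(p)}</title></item>" for p in blog.posts)
    return (f'<rss version="2.0"><channel><title>{escape(blog.title)}</title>'
            f"{items}</channel></rss>")


# --- Vulnerable pattern: only the HTML view checks the ACL ------------------

def view_blog_vulnerable(user: Optional[User], blog_id: int) -> Optional[Blog]:
    blog = BLOGS[blog_id]
    return blog if can_read(user, blog) else None


def rss_feed_vulnerable(blog_id: int) -> str:
    """The feed reads storage directly; the ACL is never consulted, so an
    anonymous client gets the private blog's posts."""
    return render_rss(BLOGS[blog_id])


def list_blogs_vulnerable() -> List[str]:
    """Listing leaks the titles of blogs the caller cannot read."""
    return [b.title for b in BLOGS.values()]


# --- Hardened pattern: one gatekeeper that every read path must use ---------

class PermissionDenied(Exception):
    pass


def get_blog(user: Optional[User], blog_id: int) -> Blog:
    """The only way to obtain a Blog object. Unknown and forbidden ids raise
    the same error so the caller cannot probe for private blogs."""
    blog = BLOGS.get(blog_id)
    if blog is None or not can_read(user, blog):
        raise PermissionDenied(f"blog {blog_id}")
    return blog


def view_blog(user: Optional[User], blog_id: int) -> Blog:
    return get_blog(user, blog_id)


def rss_feed(user: Optional[User], blog_id: int) -> str:
    # Same gatekeeper as the HTML view: no separate "feed" code path to forget.
    return render_rss(get_blog(user, blog_id))


def list_blogs(user: Optional[User]) -> List[str]:
    # Listings run through the same predicate, so restricted titles never appear.
    return [b.title for b in BLOGS.values() if can_read(user, b)]
```

The design point is that `render_rss` and the listing never touch `BLOGS` without going through `can_read`; a new output format (another feed, an export, a search index) inherits the check by construction instead of reimplementing it. One caveat for feeds specifically: feed readers normally fetch anonymously, so a restricted blog's feed is either unavailable to them or needs its own per-user credential (for example a token in the feed URL); an anonymous feed that silently serves private content, as item 1 describes, is the one option that is never acceptable.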

posts: 1001 Canada

Hi,
this is some advice on how to report problems in TikiWiki.
Please, try to send problems as near as possible to where developers can read them.

1) RssFeedDev, maybe PermissionDev, for sure TikiSecurity. You can contact UserPageohertel about this,
2) Depends... you can add it in PermissionDev, maybe WikiDev too.
3) I don't know...maybe LoginDev.

Cordially

posts: 13

> Chealer9:
> Hi,
> this is some advice on how to report problems in TikiWiki.
> Please, try to send problems as near as possible to where developers can read them.

Ah, great, thanks a lot! I was not aware of these procedures, obviously. :-)

-- leif
