[MLton] MLton wiki
Fri, 29 Oct 2004 09:00:40 -0700
> But, the download page points outside the wiki; that is, the
> downloads are not attachments. But, presumably, nothing stops me
> from editing the download page and change all those d/l links into
> attachements that I upload.
> I am also in favor of letting anyone create content. I guess we'll
> just have to see what happens.
I would like things to be open too. How about the following
intermediate position? We protect Download, Home, and Experimental,
but allow editing by anyone on all other pages. This still allows the
malicious user to create a trail to a spoofed download page, but
perhaps it is paranoid to worry about that.
I have tried this out by setting the following defaults.
acl_rights_after = 'All:revert,write'
acl_rights_before = 'TrustedGroup:admin,delete,read,revert,write +All:read'
acl_rights_default = ''
and adding the following line to the beginning of each page that
should be protected.
Let me know if this seems insecure.