Optional unauthorized message

The optional #: prefix allows you to define content that is displayed to users who are not authorized to view the page. In general it is useful to use either [[Include(wiki:ProtectedPageMessage)]] or [[Include(wiki:ProtectedSectionMessage)]], since they contain the default message indicating that the content is unavailable.

Multiple #: prefixes are allowed. Each will be used to generate content for unauthorized users in the order in which they occur.

When no #: prefix is given, the protected section is completely hidden. For a page that is completely secured, this would give unauthorized users a white page; therefore it is highly recommended to always add #:[[Include(wiki:ProtectedPageMessage)]] to these pages.

Optional levels / colors

The protected macro that we use supports several security levels, each with a different color. However, for our Trac we decided to keep it simple. Therefore, we only use the default #!protected level. All users that are allowed to view this level are also allowed to view the red, blue, and green levels.

To use these levels, simply use either #!protected-red, #!protected-blue, or #!protected-green instead of #!protected.

Security loopholes

Unfortunately there are several loopholes that can be exploited to circumvent the security mechanism. For instance, when viewing the history the protected sections are not removed.

This can be solved by moving the protected content from the wiki table into a different wiki_protected table. This will have the disadvantage that the history and changes will no longer be available for these sections. It is unknown if we will spend time on implementing this feature into the protected addon that we are using. }}}
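Until such a change exists, an administrator can list which pages are affected by the history loophole, and which protected blocks lack a #: fallback message. The script below is an added example, not part of the protected addon; it assumes Trac keeps every page revision in the wiki table (columns name, version, text) and that protected blocks are written as {{{ #!protected ... }}} processor blocks. The sample rows are constructed.

```python
import re
import sqlite3

# Assumed block syntax: a Trac processor block opened with {{{ and #!protected
# (optionally -red, -blue or -green) and closed with }}}.
BLOCK = re.compile(r"\{\{\{\s*#!protected(?:-(?:red|blue|green))?\s*\n(.*?)\}\}\}", re.S)

def has_fallback(body):
    """True when the block carries at least one '#:' line for unauthorized users."""
    return any(line.lstrip().startswith("#:") for line in body.splitlines())

def audit(conn):
    """Map page name -> revisions holding protected text, plus latest-revision flags."""
    findings = {}
    query = "SELECT name, version, text FROM wiki ORDER BY name, version"
    for name, version, text in conn.execute(query):
        blocks = BLOCK.findall(text or "")
        entry = findings.setdefault(name, {"versions": []})
        if blocks:
            entry["versions"].append(version)
        # Rows arrive in ascending version order, so the last write is the latest.
        entry["latest_protected"] = bool(blocks)
        entry["no_fallback"] = any(not has_fallback(b) for b in blocks)
    return {n: e for n, e in findings.items() if e["versions"]}

def sample_db():
    """Constructed sample data; only the three columns the audit reads."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wiki (name TEXT, version INTEGER, text TEXT)")
    msg = "#:[[Include(wiki:ProtectedSectionMessage)]]\n"
    conn.executemany("INSERT INTO wiki VALUES (?, ?, ?)", [
        ("WikiStart", 1, "Welcome.\n"),
        ("Team/Budget", 1, "Draft.\n"),
        ("Team/Budget", 2, "{{{\n#!protected\n" + msg + "Q3 figures\n}}}\n"),
        ("Ops/Notes", 1, "{{{\n#!protected-red\nold internal note\n}}}\n"),
        ("Ops/Notes", 2, "Note removed.\n"),
        ("HR/Reviews", 1, "{{{\n#!protected\nreview text\n}}}\n"),
    ])
    return conn

if __name__ == "__main__":
    for page, info in sorted(audit(sample_db()).items()):
        print(page, info)
```

A page such as Ops/Notes in the sample, where the protected block was removed from the latest revision, still shows up because the older revision remains readable through the history view.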