Posted by Gustaf Neumann on
At the OpenACS conference in Vienna, there were requests to reconsider the public installation of api-doc. For many years, all "Registered Users" have had access to /api-doc by default. This is probably OK when one assumes that the registered users are developers. However, providing source code access to all registered users can pose a security threat, especially on large sites with highly diverse users.

In the development version of OpenACS, this is addressed in two ways.

  • Firstly, for new installs, api-doc is now accessible only to site-wide admins.
  • Secondly, the user interface for package permissions (the link used e.g. in site-maps) was reworked to make it easier to modify the permissions on packages. See below for the new interface. This change is certainly relevant for all packages.