Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
Two spam messages in a normally spam-free area caused me to review access privileges in the following areas:
<http://n2.nabble.com/catalog/WhoCanViewAndPost.jtp?app=3138168> (parent) <http://n2.nabble.com/catalog/WhoCanViewAndPost.jtp?app=1653096> (child) <http://n2.nabble.com/catalog/WhoCanViewAndPost.jtp?app=1653123> (grand-child) <http://n2.nabble.com/catalog/WhoCanViewAndPost.jtp?app=1658350> (grand-child) The last two are unrestricted, which I find extremely surprising. Possibly PEBKAM but I very much doubt that I made the chandler-dev forum, where the spam was found, a free-for-all. Nabble, please, can you triple-check that the recent change to the UI (and the back-end) relating to access privileges is not breaking access restrictions in some cases? Not only spam; privacy (of private forums) is a greater concern. Thanks Graham Postscript: I have changed the restriction, to members only, on all three of 1653096, 1653123 and 1658350. Screen shots prior to the change: |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
… and 1653096 (the child) was not quite as I expected. FWIW that child features in HTTP ERROR: 500 Caused by: fschmidt.util.servlet.JtpContextServlet$JtpRuntimeException: FWIW 3138168 (the parent) features in: • People at forum 3138168 lists me twice • All posts via Nabble forum 1653123 failing for over three days — and the latter reminds me that the parent | child | grand-child arrangement for these OSAF forums changed significantly around the time that <http://n2.nabble.com/IETF-f3136371.html> and its children were created/arranged. |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
In reply to this post by Graham Perrin
Another area that looks horribly wrong, four of four children are free-for-all and I'm 99.9% certain that I wouldn't have configured them in that way: |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
In reply to this post by Graham Perrin
On closer inspection, the poster of the spam was a member with previously good posts. Suspect that the poster's account has been misused or abused. Still, the new UI is a source of confusion … |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
In reply to this post by Graham Perrin
This is a misunderstanding. Even if you see [Everyone, Everyone, Everyone] selected, the bottom block says "Use my settings, AND parent settings". So if the parent forum is private, then child forum will also be private. You break the restriction if you select "Use my settings, OR parent settings" or "Use my settings only". So you don't have to redefine everything again. Just make sure you have the "AND" option selected.
|
Free forum by Nabble | Edit this page |