#168 Is read-only behavior correct?

[Lee Worden]

It would be good to check that http://lalashan.mcmaster.ca/theobio/projects/index.php/WorkingWiki/Security#WW_and_Read-only_wikis is correct and complete. Looking it over, I thought of two questions:

• Should creation and manipulation of background jobs be off limits to wiki readers without edit permission? Probably so.

• It is presumed that requests that have a side effect of causing make operations are okay. But here are two possible contrary views:
  ** It's true for a "well-designed" project that making a target more than once is effectively harmless. But in real life there are likely to be projects that update certain things every time make is called, and that could be a denial-of-service vector.
  ** Doing a make operation can have the side effect of updating an archived project file, which is in fact an edit operation - it changes and saves one or more wiki pages. One might expect that only users with edit permission would be allowed to do that. Though it's not an arbitrary edit, it's one that's strictly scripted by the makefiles, project descriptions and existing wiki pages.

[Jonathan Dushoff]

Even calling make and making it check that everything is up-to-date could pose a substantial load, if we are worried about people attacking us.

It's probably better design to prevent non-editing users from invoking make. Although it's easy to imagine scenarios where you would want to let them.

There will always be a tension, I guess, between a friendly environment for visitors, and worrying about getting overwhelmed by manifold or malicious visitors.

[Jonathan Dushoff]

Eventually, maybe a wiki-level (or project-level) flag for whether readers can make.