[Moin-user] Attachments

[Kenneth McDonald]

I noticed this statement on one of the Configuration help pages:
-----------
The AttachFile action enables a page to have multiple attached files.  
Since file uploads could be abused for DoS (Denial of Service)  
attacks, AttachFile is an action that may be enabled by the wiki  
administrator. To do this, add "allowed_actions = ['AttachFile']" to  
your configuration file.

This is all you usually need to do for configuration.


 Note that we plan to remove that option in 1.4. Because of that  
and the security problems noted below, we do not recommend that option.

------------

Is this really true--attachments in MoinMoin are going away? I can  
understand some security concerns, and perhaps disabling inlining of  
non-image attachments (though even there, couldn't the user just type  
in the possibly dangerous text?), but for us (and many others, I  
imagine) attachments are critical. We need to allow our users to view  
images and download things like PDFs and scripts for our product, and  
they need to be able to upload images (we're a graphics company) and  
their own scripts for other users. They _don't_ need to be able to  
inline anything other than images, so perhaps that's a restriction  
that could be made?



If someone could clarify this situation as soon as possible, I'd  
greatly appreciate it. We've put enough time into MoinMoin that it  
would already be quite difficult to abandon it, but if this element  
of it is going away, we need to look at a different solution before  
we really get committed to it.



Thanks,

Ken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/moin-user/attachments/20050816/f038d2b2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: alert.png
Type: image/png
Size: 220 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/moin-user/attachments/20050816/f038d2b2/attachment.png>