New Default limited (instead of private)
-
I know. The Cloudron policy is to use the default upstream settings. But hey. HedgeDoc is a collaboration tool in my understanding. And since no one is able to guess the URL of my "private" notes (others only see the document when you share it with your teammates), we should change the default from private to limited.
I've spent so many minutes with "Thank you for sharing, but please click limited".Limited means: only users can see and edit. No guests (means not public).
Pronouns: he/him | Primary language: German
-
I know. The Cloudron policy is to use the default upstream settings. But hey. HedgeDoc is a collaboration tool in my understanding. And since no one is able to guess the URL of my "private" notes (others only see the document when you share it with your teammates), we should change the default from private to limited.
I've spent so many minutes with "Thank you for sharing, but please click limited".Limited means: only users can see and edit. No guests (means not public).
-
@luckow that's actually a good idea, but may be something that needs to be explicitly mentioned in the app description.
I just changed the configurable on mine to make notes limited by default.
@fbartels what concerns do you have about the possible new default? When using HedgeDoc, as expected, there is no potential privacy leak (due to the random url and the missing directory for team member history / new documents).
-
I know. The Cloudron policy is to use the default upstream settings. But hey. HedgeDoc is a collaboration tool in my understanding. And since no one is able to guess the URL of my "private" notes (others only see the document when you share it with your teammates), we should change the default from private to limited.
I've spent so many minutes with "Thank you for sharing, but please click limited".Limited means: only users can see and edit. No guests (means not public).
@luckow Double checked this and it seems that the upstream default is actually
editableper https://github.com/hedgedoc/hedgedoc/blob/1.8.1/docs/content/configuration.md#users-and-privileges . In the package, we set it toprivate. I don't think this was a conscious decision.I will change the default to
editablewhich is the similar tolimitedbut allows guests to have read only access. -
@fbartels what concerns do you have about the possible new default? When using HedgeDoc, as expected, there is no potential privacy leak (due to the random url and the missing directory for team member history / new documents).
@luckow said in New Default limited (instead of private):
what concerns do you have about the possible new default?
I don't really have a concern about it, but when the default changes to something more public it should be highlighted.
At the very least the urls of notes get logged on the reverse proxy and setting them to editable or limited can mean that the local admin (or someone else with access to logs) could find note urls and view them.
