default acl change?

[ThomasWaldmann]

I recently installed a new wiki and was not very careful with the ACLs, so it used the default ACL (which is r/w for everybody).

Only a few days later the wiki had a thousand spam pages and about as many new "users" (spammers).

While the user creation is an annoyance by itself, the spam page creation could be avoid by just having u"All:read" as default ACL, forcing wiki admins to set up their own acl_rights_before and acl_rights_default.

The default acl could be changed at 2 places:

• in multiconfig.py (so it really is the default default acl)
• in the sample configs (so it is better visible, but not really the default)

[ReimarBauer]

We could also exclude the action to create users by actions_excluded So that at least a config step has to be done.

[ThomasWaldmann]

see #16.

[ThomasWaldmann]

Guess I do a change at both places:

• in multiconfig to have a more safe internal default
• in wiki config sample, showing how to use acl definition to override the internal default