In our installations of FCKEditor or the latest CKEditor in Open Atrium (in response to our customer’s desire to have WYSIWYG capabilities for content creation), it is important to note that in Open Atrium:
If you allow image/media uploads for content using a WYSIWYG editor, it is not Group aware! As a result, anyone can view the images/media uploaded by others from other groups even if they do not have access to that group while creating their own content. All uploads are found in the same area for the site and not separated by groups.
This is a security concern for groups who may be posting charts and graphs that are confidential. Private groups need to remain private which includes all its’ content.
It is our suggestion to disable the upload capability of any WYSIWYG editor you might be installing.
Anyone what to make CKEditor uploads Group friendly :)
Comments