This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.
FS#2009 Superuser can go to to anonymous
ACL & Authentication
When I set $conf['superuser'] to empty string, or if there is empty string after comma, the auth system grants superuser access to all pages to the anonymous user (but not to the Admin page). I think it is a vulnerability.
On the other hand if an anonymous user can be the admin, (it should be very loudly mentioned in comments and in the description of the superuser field in admin screen) why is no Admin button there?