Introduction
  Installing
  Handling
  Virtual servers
  Modules
  Filesystems
  RXML tags
  Graphics
  Proxy
  Miscellaneous modules
  Security considerations
    Challenger user
    Restricted pages
    Trust levels
  Scripting
  Databases
  LDAP
  FrontPage
  Upgrading
  Third party extensions
  Portability
  Reporting bugs
  Appendix
 
Trust levels

Trustlevels are a system that can be used to limit access to certain modules depending on where the file originates. It can be used to give trusted persons access to potentially hazardous modules like the CGI executable support module or the SQL-module.

Trustlevels work by setting the Builtin variables/Security: Security level variable of modules.

A request is initially assigned a trust level equal to the security level of the filesystem module from which it originates.

The request will only be able to pass through modules with an equal or lower security level than the request's trust level. Modules that has a higher security level will be ignored, like they were not even enabled.

If the request passes through a module with a lower security level than the request's trust level, the trust level will be lowered to the security level. If the request tries to pass through additional modules it will use the lowered trust level.

Example

CGI executable support - trust level 1
Pike tag - trust level 1
Filesystem - trust level 1
User Filesystem - trust level 0
The Filesystem module can contain CGI scripts or pages using the <pike> tags. We can assume that only trusted users can write files that are handled by this module.

User home pages, that are handled by the User Filesystem module may not, on the other hand, contain CGI scripts nor use the <pike> tag.