[Pmwiki-users] Easily Hackable?

[Patrick R. Michaud]

On Wed, Mar 31, 2004 at 09:52:44PM -0700, H. Fox wrote:
> Do the client's wiki pages need to be publicly editable?
> 
> If not, how about having the public pages exist on a read-only version 
> of the wiki and the editable, read-write version behind a firewall 
> and/or in a password-protected directory on an SSL server?

Sure, PmWiki can do this quite easily...

> You could use HTTP authentication by group and give people their 
> individual user passwords that way, correct?.  

Note that PmWiki uses HTTP Basic authentication, and as such is no
more nor less secure than using .htaccess files.

> How to replicate is an 
> implementation detail -- maybe use rsync or even mirrordir.  The point 
> is: it should be possible / practicable to have a read only public 
> version and a read-write private version of the same site.
> Another possibility: Could the same wiki.d directory somehow be 
> read-only for the public wiki and read-write for the password-protected 
> version?

Of course!  :-)

You can do this by simply using cp or mv and setting up $WikiLibDirs to 
search multiple directories.  The idea is to create a separate directory
to hold the read-only versions of wiki pages (e.g., "readonly.d"), then
add this to $WikiLibDirs as a place to be checked for pages.  One can
then make a page "read only" by simply copying or moving the file from
wiki.d into readonly.d.

Thus, for a read-write environment:
   $WikiLibDirs = array(&$WikiDir,"readonly.d","wikilib.d");

and for a read-only environment:
   $WikiLibDirs = array("readonly.d","wikilib.d");

In the read-only environment, people will only see the pages copied from
wiki.d into readonly.d, plus the ones in wikilib.d.  

One can then set $WikiLibDirs based on the protocol being used
(e.g., https: versus http:), the URL used to access the wiki, or
any other criteria one wishes to use.

Pm