[Pmwiki-users] Easily Hackable?
Patrick R. Michaud
Thu Apr 1 11:24:31 CST 2004
On Wed, Mar 31, 2004 at 09:52:44PM -0700, H. Fox wrote:
> Do the client's wiki pages need to be publicly editable?
> If not, how about having the public pages exist on a read-only version
> of the wiki and the editable, read-write version behind a firewall
> and/or in a password-protected directory on an SSL server?
Sure, PmWiki can do this quite easily...
> You could use HTTP authentication by group and give people their
> individual user passwords that way, correct?.
Note that PmWiki uses HTTP Basic authentication, and as such is no
more nor less secure than using .htaccess files.
> How to replicate is an
> implementation detail -- maybe use rsync or even mirrordir. The point
> is: it should be possible / practicable to have a read only public
> version and a read-write private version of the same site.
> Another possibility: Could the same wiki.d directory somehow be
> read-only for the public wiki and read-write for the password-protected
Of course! :-)
You can do this by simply using cp or mv and setting up $WikiLibDirs to
search multiple directories. The idea is to create a separate directory
to hold the read-only versions of wiki pages (e.g., "readonly.d"), then
add this to $WikiLibDirs as a place to be checked for pages. One can
then make a page "read only" by simply copying or moving the file from
wiki.d into readonly.d.
Thus, for a read-write environment:
$WikiLibDirs = array(&$WikiDir,"readonly.d","wikilib.d");
and for a read-only environment:
$WikiLibDirs = array("readonly.d","wikilib.d");
In the read-only environment, people will only see the pages copied from
wiki.d into readonly.d, plus the ones in wikilib.d.
One can then set $WikiLibDirs based on the protocol being used
(e.g., https: versus http:), the URL used to access the wiki, or
any other criteria one wishes to use.
More information about the pmwiki-users