[Pmwiki-users] Easily Hackable?
H. Fox
haganfox
Thu Apr 1 15:03:54 CST 2004
Patrick R. Michaud wrote:
> Except for using HTTP-Digest authentication instead of HTTP-Basic, this
> setup is not any more secure than simply password protecting pages with
> PmWiki. This would only be more hackable to someone who is able to
> somehow watch the HTTP headers transferred between the client and
> server.
I see. The Apache documentation says "[o]nly the most recent versions
of clients are known to support Digest authentication," so the extra
protection comes at a cost of browser compatibility.
Here are a few advantages I perceive for using .htaccess vs. PmWiki's
built-in authentication.
- Access restrictions may be common with other pages outside the wiki.
- Groups (of users) may be defined, allowing each individual to
have their own password.
- Author tracking may be forced.
> Also, instead of creating the symlinks I'd probably just create a
> script to chdir to the editable wiki and run things from there.
> You can see an example of this in the "Making a wiki script" section
> of PmWiki.ChangePmWikiUrl (at least until I refactor that page in the
> next couple of days).
It appears your days are very short! :)
Thanks,
Hagan
More information about the pmwiki-users
mailing list