[Pmwiki-users] Re: Default Passwords

Patrick R. Michaud pmichaud
Fri Dec 17 12:08:36 CST 2004


On Fri, Dec 17, 2004 at 09:34:44AM +0000, Hans Bracker wrote:
> > (If your response to that is "okay,
> > but how can I use ?action=attr if the attr password is locked," the
> > answer is to use the admin password. :-)
> 
> Then perhaps an admin password should be set as a default option, or in
> sample-config there should be an entry for the admin password, if not
> for all the other default passwords as well, commented out?

Well, having a default admin password isn't good, because it makes it
all-too-easy for someone to manipulate a new site where the admin
doesn't set an explicit admin password.  Locking by default is better.

You're right that it should be listed in sample-config.php, and in fact
I thought it was already in there.  But I just checked and it's not,
so I'm adding it now.  Thanks.

> >> ... Is there a way to make GroupAttributes more secure?
> 
> > Sure, the solution I had in mind was to simply say that "attr"
> > privileges are required in order to delete a page instead of just
> > "edit" privileges.  
> 
> I hope not for deletion of any normal page, since authors often have
> to delete a page, but just have attr privileges in order to delete
> the GroupAttribute page. 

No, we need to do this for normal pages as well.  Each page has its
own attr password (which overrides GroupAttributes), so if someone
can delete a page containing an attr password they could change the
per-page passwords.  

It's a bit tricky to explain, but essentially what we need is something
that says:  "If a page has an attribute password, you must know it
(or the admin password) in order to actually delete the page, 
otherwise edit privileges are sufficient."

Or perhaps what we really need is a POST equivalent of "?action=delete", 
which can do some fancier checks on page deletion.  Probably via
$EditFunctions or the like.  This would also make it easier to
program PmWiki to do the correct thing after a page has been deleted --
i.e., where should the browser be sent when a page has just been
deleted?

Pm
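As an added illustration of the delete rule Pm proposes above, here is a stand-alone model of the check. This is example code written for this page, not PmWiki's own code, and it does not use PmWiki's API ($EditFunctions, page storage, etc.); the page names, passwords and every function below are invented for the model.

```php
<?php
// Added example (not PmWiki code): a stand-alone model of the proposed
// delete check. Page names, passwords and all functions are hypothetical;
// nothing here hooks into PmWiki's own API.

$admin_password = 'adm1n-secret';   // constructed; plaintext only to keep the model short

// Constructed sample group. A page's own password for a level overrides the
// group-wide one kept in GroupAttributes; an empty 'passwd' inherits everything.
$pages = [
    'Main.GroupAttributes' => ['passwd' => ['edit' => 'authors', 'attr' => 'group-lock']],
    'Main.Notes'           => ['passwd' => []],
    'Main.Private'         => ['passwd' => ['attr' => 'page-lock']],
];

// Effective password for $level on $name: the per-page value wins, else the
// group's, else null (no password required).
function effectivePassword(array $pages, string $name, string $level): ?string
{
    if (isset($pages[$name]['passwd'][$level])) {
        return $pages[$name]['passwd'][$level];
    }
    $group = substr($name, 0, strpos($name, '.')) . '.GroupAttributes';
    return $pages[$group]['passwd'][$level] ?? null;
}

// $creds holds the passwords the visitor has supplied. The admin password
// satisfies every level.
function authorized(array $pages, string $name, string $level, array $creds, string $admin): bool
{
    if (in_array($admin, $creds, true)) {
        return true;
    }
    $needed = effectivePassword($pages, $name, $level);
    return $needed === null || in_array($needed, $creds, true);
}

// Current rule: deleting a page needs only edit rights.
function canDeleteCurrent(array $pages, string $name, array $creds, string $admin): bool
{
    return authorized($pages, $name, 'edit', $creds, $admin);
}

// Proposed rule: a page that sets its own attr password can only be deleted
// with that password or the admin password; otherwise edit rights suffice.
function canDeleteProposed(array $pages, string $name, array $creds, string $admin): bool
{
    if (isset($pages[$name]['passwd']['attr'])) {
        return in_array($admin, $creds, true)
            || in_array($pages[$name]['passwd']['attr'], $creds, true);
    }
    return authorized($pages, $name, 'edit', $creds, $admin);
}

// Scenario: an author who knows only the group edit password.
$author = ['authors'];

// The author is not allowed to change Main.Private's attributes, yet under the
// current rule is allowed to delete the page.
var_dump(authorized($pages, 'Main.Private', 'attr', $author, $admin_password));
var_dump(canDeleteCurrent($pages, 'Main.Private', $author, $admin_password));

// Deleting it discards the per-page attr password: the name now falls back to
// the group's password, so the author has changed the page's effective attr
// password without knowing any attr password at all.
$after = $pages;
unset($after['Main.Private']);
var_dump(effectivePassword($after, 'Main.Private', 'attr'));

// Under the proposed rule the deletion is refused unless the page's own attr
// password or the admin password is supplied. A page with no attr password of
// its own (Main.Notes) still needs only edit rights, and GroupAttributes itself,
// which carries an attr password, gets the same protection.
var_dump(canDeleteProposed($pages, 'Main.Private', $author, $admin_password));
var_dump(canDeleteProposed($pages, 'Main.Private', ['page-lock'], $admin_password));
var_dump(canDeleteProposed($pages, 'Main.Private', [$admin_password], $admin_password));
var_dump(canDeleteProposed($pages, 'Main.Notes', $author, $admin_password));
var_dump(canDeleteProposed($pages, 'Main.GroupAttributes', $author, $admin_password));
```

Plaintext comparison is used only to keep the model short; a real wiki compares against stored hashes. The point is the branch in canDeleteProposed: whether the page carries its own attr password, not whether the caller has edit rights, decides if plain edit rights are enough to delete it.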
