[Pmwiki-users] User security management
Fri Jan 30 05:56:28 CST 2004
I have been playing around with a user-based security addon for PmWiki.
This would allow a site admin to set per-user access to wiki groups and
pages, and would also open up the possibility of author tracking. I've
got the basic logon working, now I'm working on managing authorizations.
I've got two big issues and not a lot of good ideas, and I'm hoping you
good folks can help me out.
I plan to allow for a pluggable user authentication function. That is,
the wiki will display a form and get the username and password, then
hand it off to a custom function to decide if the credentials are any
good. My current project, the one I am writing this addon for, uses an
LDAP database to manage users. This is overkill for most wiki
installations, so I would like to provide a default authentication
system that is more wiki-like. I am thinking that I would allow users to
register themselves, and then write credentials to a text file
(something like Apache's .htpasswd files). So the first problem is how
to allow user's to register with the wiki.
Now, assuming that I have a validated username, how do I know what that
user is allowed to read/edit/etc.? Again, I would like the management of
authorizations to be as wiki-like as possible, but I'm having trouble
coming up a system that is secure and also easy to manage. It seems like
it ought to be possible to list permissions on a wiki page, but should
this be per group? Per user? How is access controlled? Lots of questions.
Any thoughts on this subject would be much appreciated.
More information about the pmwiki-users