[Pmwiki-users] User security management

J. Perkins jason
Fri Jan 30 05:56:28 CST 2004


Hello all,

I have been playing around with a user-based security addon for PmWiki. 
This would allow a site admin to set per-user access to wiki groups and 
pages, and would also open up the possibility of author tracking. I've 
got the basic logon working, now I'm working on managing authorizations. 
I've got two big issues and not a lot of good ideas, and I'm hoping you 
good folks can help me out.

I plan to allow for a pluggable user authentication function. That is, 
the wiki will display a form and get the username and password, then 
hand it off to a custom function to decide if the credentials are any 
good. My current project, the one I am writing this addon for, uses an 
LDAP database to manage users. This is overkill for most wiki 
installations, so I would like to provide a default authentication 
system that is more wiki-like. I am thinking that I would allow users to 
register themselves, and then write credentials to a text file 
(something like Apache's .htpasswd files). So the first problem is how 
to allow users to register with the wiki.

Now, assuming that I have a validated username, how do I know what that 
user is allowed to read/edit/etc.? Again, I would like the management of 
authorizations to be as wiki-like as possible, but I'm having trouble 
coming up with a system that is secure and also easy to manage. It seems like 
it ought to be possible to list permissions on a wiki page, but should 
this be per group? Per user? How is access controlled? Lots of questions.

Any thoughts on this subject would be much appreciated.

Thanks,
Jason
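
Added example, not part of the original post and not PmWiki code: one way the pluggable authentication function and the htpasswd-style default described in the message could look in PHP. Every function name and the file path are hypothetical, and the code assumes PHP 7.4 or later for password_hash() and typed signatures.

```php
<?php
// Added example; every name below is hypothetical and none of it is PmWiki API.

// Parse "user:hash" lines into an array keyed by username.
function parse_users(string $text): array {
    $users = [];
    foreach (explode("\n", $text) as $line) {
        $parts = explode(':', $line, 2);
        if (count($parts) === 2) $users[$parts[0]] = $parts[1];
    }
    return $users;
}

// Self-registration. \A...\z (not ^...$) so a trailing newline cannot slip
// through and let a name inject ':' or an extra line into the file.
function register_user(string $file, string $user, string $pass): bool {
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $user) || strlen($pass) < 8) return false;
    $fp = fopen($file, 'c+');            // create if missing, do not truncate
    if (!$fp) return false;
    if (!flock($fp, LOCK_EX)) { fclose($fp); return false; }
    chmod($file, 0600);                  // keep the file outside the web root as well
    // Check and append under one exclusive lock so two sign-ups cannot race.
    $taken = array_key_exists($user, parse_users((string) stream_get_contents($fp)));
    if (!$taken) {
        fseek($fp, 0, SEEK_END);
        fwrite($fp, $user . ':' . password_hash($pass, PASSWORD_DEFAULT) . "\n");
    }
    flock($fp, LOCK_UN);
    fclose($fp);
    return !$taken;
}

// Default backend, returned as a callable so an LDAP check can replace it.
function file_authenticator(string $file): callable {
    $dummy = password_hash('unused', PASSWORD_DEFAULT);
    return function (string $user, string $pass) use ($file, $dummy): bool {
        $users = parse_users(is_readable($file) ? (string) file_get_contents($file) : '');
        // Unknown users are checked against a dummy hash so response time
        // does not reveal which names are registered.
        $ok = password_verify($pass, $users[$user] ?? $dummy);
        return $ok && isset($users[$user]);
    };
}

// The login form hands the submitted credentials to whichever callable is configured.
$authenticate = file_authenticator(sys_get_temp_dir() . '/wiki-example.passwd');
```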







