[Pmwiki-users] Re: Basic HTTP authentication

Ben Schmidt bschmidt
Fri Jul 23 12:29:14 CDT 2004

On Jul 23, 2004, at 2:00 PM, Pmwiki-users-request at pmichaud.com wrote:
> Which brings up a good topic -- if we're going to have to be using PHP
> sessions anyway, is there any real reason to keep Basic HTTP
> authentication as the default for PmWiki?  There are enough systems
> around that don't support HTTP authentication in PHP that it might be
> worth defaulting to session-based authentication in the distribution
> and leaving HTTP Basic authentication as a configurable option.
> Comments?

Well as long as HTTP authentication remains optional...OK

My use of HTTP authentication is to prevent people from downloading 
non-php files (e.g. uploaded word docs, excel files, etc) previously 
uploaded into password-protected wiki areas.

As a pmwiki newbie, I don't know the status of pmwiki with regard to 
restricting access to uploaded files. But I have exactly this problem 
on my own cobbled together (non-pm) wiki. I have password protected 
(non-pm) wiki areas that work just fine.  But as soon as I added file 
upload features (MSoffice documents, PDF, etc), I had to enable HTTP 
authentication on the file upload directories and then ensure that the 
various wiki and HTTP passwords are kept in sync.


More information about the pmwiki-users mailing list