[Pmwiki-users] Uploading and password proctecting

Steven Leite steven_leite
Tue Jun 15 20:25:10 CDT 2004


On Tuesday, June 15, 2004 5:20 PM [GMT+1=CET],
Patrick R. Michaud <pmichaud at pobox.com> wrote:

> On Tue, Jun 15, 2004 at 12:56:42PM -0400, J. Perkins wrote:
>> Robin wrote:
>>
>> I would like to see PmWiki control access to uploaded files at some
>> point. In the meantime, here is something else that I've been
>> meaning to add to the cookbook. It checks to make sure that you have
>> read (or whatever action specified by $AuthDownloadType) access to
>> the page containing the link to the download.
>
> Ummm, how does this return the correct file type for .gif, .jpg, etc.?
> Or does it always treat everything as being
> 'application/x-octet-stream'? At the very least it goes against the
> grain of HTTP, and it seems
> to me that it might cause things like 'Attach:image.gif' to not work
> in some browsers.
>
> The main reason I didn't interpose PmWiki into the attachment download
> process is that I felt it was a bit much overhead and that it was
> better to let the webserver negotiate the content types.  But if
> we want PmWiki to do the content-type negotiation instead, I can
> certainly build it into the 2.0 code as an optional feature.
> This would also mean that the uploads directory would no longer need
> to be (or even should be) "web accessible", and the only
> web-accessible directory would be "pub/".
>
> Pm

I think it should be optional.  One user pointed out that Wiki's are
about collaboration, and everything should be shared.  I agree to a
limit.  That might have been the original intent of a Wiki, but that is
not longer the case. Wiki's are maturing now, and soon they may become
powerful content management systems.  Some users are already using them
for this purpose.  In light of that, I think the idea of having uploaded
files in a non-web-accessible directory is a VERY good idea.  This will
extend naturally to the idea of password protecting downloads in the
same way that we password protect pages.

Still, for those that want to keep things "friendly" .. if it can be
done without too much trouble, then I guess making it an option would be
a good solution (eg.  protect files or not protect files).  There are
certain advantages to being able to type in:

http://www.pmwiki.org/wiki/uploads/Cookbook (or whatever ), and just get
a raw listing of file contents.  By-passing the wiki altogether isn't
necessarily a bad thing depending on the circumstances.

-Steven




More information about the pmwiki-users mailing list