[pmwiki-users] Allowing password extraction from URI
chr at home.se
chr at home.se
Sun Jul 24 11:19:54 CDT 2005
On Wed, 11 May 2005, Patrick R. Michaud wrote:
This a bit old, based on my discovery that pmwiki-mode in Emacs no longer
works with passwords on pmwiki.org
> On Wed, May 11, 2005 at 03:37:24PM +0200, chr at home.se wrote:
> > > However, you probably don't want to deal with cookies in Emacs, so
> > > perhaps you could try doing an HTTP POST with the "authpw" value set
> > > to "password"?
> >
> > Um.. I tried the following URI, but it didn't work..
> >
> > http://www.pmwiki.org/wiki/Test/Password?authpw=password
> >
> > Should it have worked?
>
> No, I wrote the authentication module to only accept
> authpw values via POST requests -- somehow it just feels more
> secure. If we can convince ourselves that it's okay to accept
> passwords from the url, then I can switch this to accept passwords
> from the URL as well.
Since I haven't had time to fiddle with Emacs, I wonder if you could
allow pmwiki.php to extract user:password from the URI. Meaning of
course that from this URI
http://user:password@www.pmwiki.org/wiki/Test/Password
pmwiki.php automatically extracts and uses user:password for
authentification.
This mechanism should of course not be enabled by default, but it would be
good to have now at least. (Since I haven't gotten around to fixing
pmwiki-mode).
I'd also appreciate it if you could enable this at pmwiki.org, at least
for the group Christian/ and a group Kvarn/ that I just created. This will
let me test how it works and work with these groups using pmwiki-mode.
In the long run (after fixing pmwiki-mode), I'm not sure if this is
something to keep, but it might at least be useful for people with older
versions.
regards
/Christian
--
Christian Ridderström, +46-8-768 39 44 http://www.md.kth.se/~chr
More information about the pmwiki-users
mailing list