[pmwiki-users] groups and upload security

Patrick R. Michaud pmichaud at pobox.com
Wed Sep 28 10:20:42 CDT 2005

On Wed, Sep 28, 2005 at 01:49:57PM +0100, Hans wrote:
> I am using per group subdirectories of wiki.d.
> I wonder if wiki.d can be also the upload directory.

It can, but make sure that the uploaded files won't accidentally
overwrite page files (and vice versa).  Perhaps place all
uploads in wiki.d/uploads/ or something like that.

> And how do I protect uploaded files, when the group they are attached
> to is read protected. I want to prevent downloads of attached files if
> a group is read protected via a group attribute password.
> Do I need to set certain .htaccess conditions?

If you're running Apache, then you can just copy the .htaccess
file from wiki.d/ into the uploads/ directory.  Then set
$EnableDirectDownload=0; in your configuration, and PmWiki will
serve uploads only if the browser has read authorization to the


More information about the pmwiki-users mailing list