[pmwiki-users] How use lowercase in Group Names

Patrick R. Michaud pmichaud at pobox.com
Wed Sep 28 15:16:43 CDT 2005

On Wed, Sep 28, 2005 at 10:06:12PM +0200, Joachim Durchholz wrote:
> Waylan Limberg schrieb:
> >RewriteCond %{REQUEST_FILENAME} !-f
> >RewriteRule ^(.*)$ phwiki.php?n=$1 [QSA,L]
> >
> >The key is the "!-f" part which essentially means: 'If the requested
> >file name does not exist use this rewrite rule, otherwise proceed as
> >normal'.
> Hmm... I see pros and cons for that.
> On the pro side, you can structure your namespace simply by creating the 
> appropriate files. Easy and convenient.
> On the con side:
> 1. This gives access to all directories, even those that are supposed to 
> be restricted... think wiki.d/Site.SideBar, which then anybody could 
> download including passwords and all other attributes.

Surely the existence of the "!-f" doesn't cause Apache to bypass any 
.htaccess files or other access controls that may be in place 
(such as the one that is already in wiki.d/.htaccess).  

As I read the above rewrite rule, it says to rewrite
the url only if the url *doesn't* correspond to a file in the 
filesystem.  If the url does correspond to a file, then the rewrite
rule doesn't fire, and execution continues on as if the rewrite rule
wasn't present.  In this sense it's no more or less secure than the
other CleanURL approaches.

> Passwords wouldn't be *that* large a problem if they are stored in 
> encrypted form (I'm not sure about that), but you get the drift, I think 
> :-).

Passwords in PmWiki are always stored in encrypted form.


More information about the pmwiki-users mailing list