[pmwiki-users] Admin's password
vanship85 at gmail.com
Fri Aug 11 10:26:41 CDT 2006
Yes, I have checked it. Now I think that it is AuthUser configuration. Maybe
this problem is not a big deal, but I think sometimes some admins are
annoyed about it...
On 8/11/06, Tegan Dowling <tmdowling at gmail.com> wrote:
> Do you have in your config.php:
> On 8/11/06, 1 2 <vanship85 at gmail.com> wrote:
> > Sorry that maybe I misunderstand what is the default configuration. I
> > give an example,
> > I set in local/config.php that
> > $DefaultPasswords['admin'] = crypt('123456');
> > And I follow the instruction that in Site.AuthUser, I add a line as
> > alice: (:encrypt wonderland:)
> > and save it to create an account. Then I edit the attributes of a page,
> > the following line in the edit password box,
> > id: alice
> > Of coz next time when I edit the page, it prompts an login page with
> > and Password box. I try alice:wonderland and it is ok. But when I try
> > alice:123456(the default passwords of admin), it is also ok. Even when I
> > bob:123456, it is still ok. I think it is a problem that if a user's
> > password is happened to be the admin's, he will get the whole privileges
> > even if he does not know he becomes an admin.
> > On 8/11/06, Tegan Dowling <tmdowling at gmail.com> wrote:
> > >
> > On 8/11/06, 1 2 <vanship85 at gmail.com> wrote:
> > > On 8/11/06, Tegan Dowling < tmdowling at gmail.com> wrote:
> > > >
> > > >On 8/11/06, 1 2 <vanship85 at gmail.com> wrote:
> > > > >
> > > > > Hi. I set up my pmwiki and set a page to be only edited by some
> > But
> > > > > if I provide the admin's password in the password box, I will be
> > to
> > > > > login and edit this page regardless to the username I provide in
> > > > > username box. It seems that the default admin password does not
> > require a
> > > > > user name. I think this may cause security problems. How to solve
> > > > > problem?
> > > >
> > > > What security setup are you using - AuthUser, or UserAuth, or just
> > > > default configuration?
> > >
> > > Default configuration
> > Then I'm puzzled - typically the authorization form for the default
> > configuration doesn't include a field for username - it just has the
> > single field for password. Does your login page have both? OR when
> > you refer to "the username I provide in the username box", do you mean
> > the Author name that you supply when you edit?
> > I think you're probably discovering-by-using the basic way that this
> > is supposed to work. The admin password is intended to over-ride all
> > others. Administrators need to understand this so that they know not
> > to give it to anyone who should not have 'god-like powers'.
> > If you've given the admin password to someone who shouldn't have admin
> > access to the wiki, you may want to change the admin password.
> > Am I understanding and addressing your situation and question?
> > _______________________________________________
> > pmwiki-users mailing list
> > pmwiki-users at pmichaud.com
> > http://host.pmichaud.com/mailman/listinfo/pmwiki-users
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the pmwiki-users