[pmwiki-users] How to restrict auth to secure connections
mik.admin at nurfuerspam.de
Thu Aug 17 11:19:06 CDT 2006
I think, I understand your question now, you want to block login-form if it's
requested from insecure source (not https nor localip). Am I right?
Put somehow a condition into Site.AuthForm using
(:if enabled VAR:) while VAR is a php-variable you set in config.php unluckily
(:if:) doesn't seem to work the usual way in Site.AuthForm (?)
Am Donnerstag, 17. August 2006 15:17 schrieb Daniel Rubin:
> Patrick R. Michaud wrote:
> > On Thu, Aug 17, 2006 at 10:27:06AM +0200, Daniel Rubin wrote:
> >>Greetings, everyone.
> >>I'd like to restrict authentication to my wiki such that
> >> * login is only permitted from connections via https or from
> >> the local network
> >> * the authentication form is also only shown under these
> >> circumstances.
> >>Which is the best way to achieve this?
> > So, if someone attempts to access a protected resource from a
> > non-https connection, you want the system to just return a
> > "forbidden" response, or ...?
> > Pm
> Not exactly. I only want the _login_ to be rejected if it comes from an
> insecure source.
> To be precise,
> (1) AuthUser should not honor any username and password posts
> (2) instead of the login form it should return a rejection message.
More information about the pmwiki-users