[pmwiki-users] PmWikiEdit . . .

Ben Wilson dausha at gmail.com
Mon Feb 6 12:26:15 CST 2006


> Message: 4
> Date: Mon, 6 Feb 2006 15:46:48 +0100 (CET)
> From: christian.ridderstrom at gmail.com
> Subject: Re: [pmwiki-users] PmWikiEdit . . .
> To: "Patrick R. Michaud" <pmichaud at pobox.com>
> Cc: pmwiki-users at pmichaud.com
> Message-ID: <Pine.LNX.4.44.0602061545240.1964-100000 at dragon.md.kth.se>
> Content-Type: TEXT/PLAIN; charset=ISO-8859-1
>
> On Mon, 6 Feb 2006, Patrick R. Michaud wrote:
>
> > On Mon, Feb 06, 2006 at 12:15:45AM +0100, christian.ridderstrom at gmail.com wrote:
> > > One solution for pages protected with .htpasswd is to submit URIs such as
> > > this one:
> > >
> > >     http://user:password@pmwiki.org/wiki/Some/Page
> > >
> > > However, this doesn't work with other authentification schemes unless
> > > pmwiki is modified to extract username/password from the URI if it's
> > > there. IIRC, Patrick will consider do this if we ask him.
> >
> > No, I said I would do this if someone could figure out a way to
> > extract the "user:password" portion from the uri.  In all of the
> > versions of Apache that I have ever used, the "user:password"
> > portion of the url isn't made available to the PHP script unless the
> > site is being protected by .htpasswd.
>
> Ah... Would it then instead be an option to allow pmwiki to extract
> password/username from something like:
>
>         ...?user=xxx&password=xxx
>
> It'd be very easy for me to change pmwiki-mode so that something like this
> is appended. It's not safe of course...

Yeah. Wouldn't that put the username/password in the server's logs?


--
Ben Wilson
" Mundus vult decipi, ergo decipiatur"




More information about the pmwiki-users mailing list