[pmwiki-users] passwords

Dominique Faure dominique.faure at gmail.com
Fri Jan 27 02:01:28 CST 2006


2006/1/27, Phil Seyer <weddingdj at gmail.com>:
> PMwiki Documentation says:
>
> To set the entire site to be editable only by those who know an "edit"
> password, add a line like the following to local/config.php:
>
>  $DefaultPasswords['edit'] = crypt('edit_password');
>
> In the documentation I have trouble telling when I need to substitute my own
> specific data into the command line.
> For example, do I need to change 'edit_password' to the actual password for
> editing or just leave it as
> 'edit_password' ?
>
> Thanks
> Phil Seyer
>

Writing

 $DefaultPasswords['edit'] = crypt('edit_password');

will expose the clear-text password to anyone able to access the
source page as plain text. This could happen in several cases like
having a misconfigured web server.
Using

 $DefaultPasswords['edit'] = '$1$SF4.z./.$y5u/NTWgGMytRjSFmUpMk.';

won't reveal it at all.

Regards,
Dom
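
Added example (not part of the original message and not PmWiki's own code): a small command-line PHP script that produces a salted hash once, outside the wiki, and prints the line to paste into local/config.php, so the clear-text password is never stored in that file. The function names are hypothetical, and it assumes the wiki checks a login by comparing crypt($typed, $stored) with $stored, so that any hash format the server's crypt() supports can be used.

```php
<?php
// Added example, not PmWiki code. Run once from a shell: php make_hash.php
// The password is read from STDIN so it never lands in argv or shell history.

// Produce a salted hash. bcrypt output ($2y$...) is crypt()-compatible;
// the cost of 12 is a constructed choice, not a value from the page.
function make_hash(string $password): string {
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Assumption: this mirrors the comparison the wiki performs at login time.
function check_password(string $typed, string $stored): bool {
    return hash_equals($stored, crypt($typed, $stored));
}

// Build the config line. var_export() emits a single-quoted PHP string:
// inside double quotes PHP could expand parts of the hash such as "$abc".
function config_line(string $hash): string {
    return "\$DefaultPasswords['edit'] = " . var_export($hash, true) . ";";
}

if (PHP_SAPI === 'cli') {
    fwrite(STDERR, "Edit password: ");
    $password = rtrim((string) fgets(STDIN), "\r\n");
    if ($password === '') {
        fwrite(STDERR, "Refusing to hash an empty password.\n");
        exit(1);
    }

    $hash = make_hash($password);

    // Sanity checks before anything is pasted into the live config:
    // the right password must verify and a wrong one must not.
    if (!check_password($password, $hash) || check_password($password . 'x', $hash)) {
        fwrite(STDERR, "Hash self-check failed; not printing a config line.\n");
        exit(1);
    }

    // Only the hash is printed; the clear-text password is not written anywhere.
    echo config_line($hash), "\n";
}
```

Because the salt is random, each run prints a different hash for the same password; any one of them can be pasted in.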



