[pmwiki-users] password question
nospam at eton.ca
Tue Mar 28 09:07:08 CST 2006
At 2006-03-28 09:45 AM -0500, The Editor is rumored to have said:
>Just wondering why you are opposed to using AuthUser. It seems like
>it would really simplify all these curious workarounds. It's quite
>powerful, very flexible, and quite simple to use. I was thinking,
>perhaps there is something I'm not considering in using it. That is,
>perhaps you have some good reason for avoiding it that I should
>consider for my website. I get the feel our security needs are
If I had my wishes, the site in question would use Apache Basic
Authentication with unique user names and passwords for every user.
However, my client did not want *any* passwords to be used. I
suggested that this was not prudent based on the number of spammer
hits on other wikis I run and even on pmwiki.org.
So the compromise we arrived at was to have 2 shared passwords. You
need a read password to even see the pages. This is primarily
designed to keep the Yahoos of the world away. You can leave comments
on pages with just the read password thanks to Hans Bracker's
For power users, we have a shared edit password, which allows them
into all of the pages, except the Site pages, which are protected by
the PmWiki default. This also has the added benefit that new users
with just the read password can add text to pages without knowing any markup.
Everything works fine until someone tries to edit a Site page, at
which point the prompt should be "you need an admin password".
I thought about testing for the group and tuning the password prompt
based on that, but that seems a kludge, and it requires updating the
prompt logic if I decide to protect other pages.
Much better would be some logic that says "you are trying to edit
this page, and I can see that you have already used the shared edit
password, so you must need a higher level password - like admin."
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users