[pmwiki-users] password question

Neil Herber nospam at eton.ca
Tue Mar 28 09:07:08 CST 2006 

At 2006-03-28  09:45 AM -0500, The Editor is rumored to have said:
>Hi Neil!
>
>Just wondering why you are opposed to using AuthUser.  It seems like
>it would really simplify all these curious workarounds.  It's quite
>powerful, very flexible, and quite simple to use.  I was thinking,
>perhaps there is something I'm not considering in using it.  That is,
>perhaps you have some good reason for avoiding it that I should
>consider for my website. I get the feel our security needs are
>probably comparable.
>
>Cheers,
>Caveman

Hi Caveman

If I had my wishes, the site in question would use Apache Basic 
Authentication with unique user names and passwords for every user. 
However, my client did not want *any* passwords to be used. I 
suggested that this was not prudent based on the number of spammer 
hits on other wikis I run and even on pmwiki.org.

So the compromise we arrived at was to have 2 shared passwords. You 
need a read password to even see the pages. This is primarily 
designed to keep the Yahoos of the world away. You can leave comments 
on pages with just the read password thanks to Hans Bracker's 
"commentboxstyled" script.

For power users, we have a shared edit password, which allows them 
into all of the pages, except the Site pages, which are protected by 
the PmWiki default. This also has the added benefit that new users 
with just the read password can add text to pages without knowing any markup.

Everything works fine until someone tries to edit a Site page, at 
which point the prompt should be "you need an admin password".

I thought about testing for the group and tuning the password prompt 
based on that, but that seems a kludge, and it requires updating the 
prompt logic if I decide to protect other pages.

Much better would be some logic that says "you are trying to edit 
this page, and I can see that you have already used the shared edit 
password, so you must need a higher level password - like admin."


Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668

More information about the pmwiki-users mailing list