[pmwiki-users] Rethinking passwords and authorization
pmwiki at 911networks.com
pmwiki at 911networks.com
Mon Oct 9 18:07:45 CDT 2006
On Mon, 9 Oct 2006 16:29:33 -0500
"Patrick R. Michaud" <pmichaud at pobox.com> wrote:
> Just for background: I think we need to be able specify
> authorization based on (1) knowledge of a password, (2)
> authenticated identity (userid), and/or (3) membership in a
> group. It would also be nice to have a way to revoke access
> based on userid or group membership (e.g., "everyone in this
> group except XYZ").
I think something like:
1. All passwords stored in a md5sum file, protected by ... either
htaccess or something else in Pm
2. An access file that has all the read/writes accesses like:
pagename who what
* Everybody Read -- Everybody can read everything
xyz groupabc Read + Edit -- Only people belonging to group abc can RW
namespace group123 Read + Upload -- group 123 can read/upload page in namespace...
page123 person123 Read + Edit -- only person 123 can read/edit page 123
This will give 1 place and it's very flexible. And as usual in
ACL go though all, and apply the most restrictive ACL.
This can either have an interface or to make it simpler, I love vi.
Since there is so much thinking into this, this will be my 3 cents worth.
--
Thanks
http://www.sqlhacks.com
The SQL knowledge base
More information about the pmwiki-users
mailing list