[pmwiki-users] Rethinking passwords and authorization

pmwiki at 911networks.com pmwiki at 911networks.com
Mon Oct 9 18:07:45 CDT 2006

On Mon, 9 Oct 2006 16:29:33 -0500
"Patrick R. Michaud" <pmichaud at pobox.com> wrote:

> Just for background:  I think we need to be able specify
> authorization based on (1) knowledge of a password, (2)
> authenticated identity (userid), and/or (3) membership in a
> group.  It would also be nice to have a way to revoke access
> based on userid or group membership (e.g., "everyone in this
> group except XYZ").

I think something like:

1. All passwords stored in a md5sum file, protected by ... either
htaccess or something else in Pm
2. An access file that has all the read/writes accesses like:
pagename   who          what
*	  Everybody	Read		-- Everybody can read everything 
xyz	  groupabc	Read + Edit	-- Only people belonging to group abc can RW 
namespace group123      Read + Upload	-- group 123 can read/upload page in namespace... 
page123    person123    Read + Edit	-- only person 123 can read/edit page 123

This will give 1 place and it's very flexible. And as usual in
ACL go though all, and apply the most restrictive ACL.

This can either have an interface or to make it simpler, I love vi.

Since there is so much thinking into this, this will be my 3 cents worth.

The SQL knowledge base

More information about the pmwiki-users mailing list