[pmwiki-users] Rethinking passwords and authorization

Stirling Westrup sti at pooq.com
Mon Oct 9 20:54:47 CDT 2006


Kathryn Andersen wrote:

> id:"Alice Adams", at authors,id:"Bob Barker","multi word password"
>  
>> or when we try to revoke access:
>>
>>     @authors id:"Alice Adams",-carol,"Bob Barker"
>       
>       @authors,id:"Alice Adams",-id:carol,id:"Bob Barker"
>  
> But you would have to insist that passwords and names couldn't have a
> comma or quote in them.
> 
> Another thing, I do like the idea of making all these different forms
> more uniform with
> 
>         auth_type:authorization
> 
> as has already been suggested.

I would think that the way to parse it would be like this:
  1) an auth string consists of space-delimited auth expressions.
  2) an auth expression is an auth_type, and a comma-separated list of
auth tokens.
  3) an auth token is an optional -, followed my a single word, or
multiple words in quotes. Any token containing a comma or space would
need to be in quotes, and any quotes inside a token would need to be
escaped.

The secret to parsing the above would be to have the first pass replace
quote-delimited phrases with something like the Keep() tokens, and then
parse on spaces, colons and commas.

> Would that also make it easier to parse?
> 
>     group:authors,id:"Alice Adams",-id:carol,password:"multi word password"

This would become:

  group:authors id:"Alice Adams",-carol password:"multi word password"

> Would it be easier to put the quotes around the whole phrase, like
> 
>       group:authors,"id:Alice Adams"

That would make it hard to know if a comma was part of the name or a
delimiter, is "id:brown, james" two names, or one?

> Of course the problem with that would be breaking the old way, you
> couldn't go 
> 
>         $DefaultPasswords['admin'] = crypt('secret');
> 
> anymore, but presumably you could do
> 
>         $DefaultPasswords['admin'] = 'password:' . crypt('secret');
> 
> instead.

I'd prefer to see

	  $DefaultPasswords['admin']['password'][] = crypt('secret');






More information about the pmwiki-users mailing list