[pmwiki-users] Rethinking passwords and authorization
Stirling Westrup
sti at pooq.com
Mon Oct 9 20:54:47 CDT 2006
Kathryn Andersen wrote:
> id:"Alice Adams", at authors,id:"Bob Barker","multi word password"
>
>> or when we try to revoke access:
>>
>> @authors id:"Alice Adams",-carol,"Bob Barker"
>
> @authors,id:"Alice Adams",-id:carol,id:"Bob Barker"
>
> But you would have to insist that passwords and names couldn't have a
> comma or quote in them.
>
> Another thing, I do like the idea of making all these different forms
> more uniform with
>
> auth_type:authorization
>
> as has already been suggested.
I would think that the way to parse it would be like this:
1) an auth string consists of space-delimited auth expressions.
2) an auth expression is an auth_type, and a comma-separated list of
auth tokens.
3) an auth token is an optional -, followed my a single word, or
multiple words in quotes. Any token containing a comma or space would
need to be in quotes, and any quotes inside a token would need to be
escaped.
The secret to parsing the above would be to have the first pass replace
quote-delimited phrases with something like the Keep() tokens, and then
parse on spaces, colons and commas.
> Would that also make it easier to parse?
>
> group:authors,id:"Alice Adams",-id:carol,password:"multi word password"
This would become:
group:authors id:"Alice Adams",-carol password:"multi word password"
> Would it be easier to put the quotes around the whole phrase, like
>
> group:authors,"id:Alice Adams"
That would make it hard to know if a comma was part of the name or a
delimiter, is "id:brown, james" two names, or one?
> Of course the problem with that would be breaking the old way, you
> couldn't go
>
> $DefaultPasswords['admin'] = crypt('secret');
>
> anymore, but presumably you could do
>
> $DefaultPasswords['admin'] = 'password:' . crypt('secret');
>
> instead.
I'd prefer to see
$DefaultPasswords['admin']['password'][] = crypt('secret');
More information about the pmwiki-users
mailing list