[pmwiki-users] Rethinking passwords and authorization
Patrick R. Michaud
pmichaud at pobox.com
Tue Oct 10 13:01:00 CDT 2006
On Mon, Oct 09, 2006 at 06:14:04PM -0400, Crisses wrote:
> On Oct 9, 2006, at 5:29 PM, Patrick R. Michaud wrote:
> Just for background: I think we need to be able specify
> authorization based on (1) knowledge of a password, (2) authenticated
> identity (userid), and/or (3) membership in a group. It would also be
> nice to have a way to revoke access based on userid or group
> membership (e.g., "everyone in this group except XYZ").
> "Bob Barker" "multi word password"
> I think this is a big mistake.
> When you have "alice" and "password" how does pmwiki know that alice is a
> user and password is a user's password?
Currently PmWiki looks for the "id:" prefix to distinguish passwords from
More information about the pmwiki-users