[pmwiki-users] Rethinking passwords and authorization

Patrick R. Michaud pmichaud at pobox.com
Tue Oct 10 13:01:00 CDT 2006


On Mon, Oct 09, 2006 at 06:14:04PM -0400, Crisses wrote:
>    On Oct 9, 2006, at 5:29 PM, Patrick R. Michaud wrote:
> 
>      Just for background:  I think we need to be able specify
> 
>      authorization based on (1) knowledge of a password, (2) authenticated
> 
>      identity (userid), and/or (3) membership in a group.  It would also be
> 
>      nice to have a way to revoke access based on userid or group
> 
>      membership (e.g., "everyone in this group except XYZ").
> 
>    "Bob Barker" "multi word password"
>    I think this is a big mistake.
>    When you have "alice" and "password" how does pmwiki know that alice is a
>    user and password is a user's password?

Currently PmWiki looks for the "id:" prefix to distinguish passwords from
usernames.

Pm




More information about the pmwiki-users mailing list