[pmwiki-users] Rethinking passwords and authorization

Neil Herber nospam at eton.ca
Tue Oct 10 16:10:35 CDT 2006

At 2006-10-10  01:00 PM -0500, Patrick R. Michaud is rumored to have said:
>The main difficulty with requiring a prefix for passwords
>is that it doesn't quite work from an author perspective with a
>non-AuthUser-based PmWiki.
>In other words, on the ?action=attr form, how do we explain to
>authors/admins that in order to set a password they have to
>prefix it with "pw:"?  I think that many authors will be confused
>about why the prefix is needed, since PmWiki already "knows"
>that it's a password field.

OK, here is a way-out-in-left-field idea:

If the wiki is not using AuthUser, then only passwords apply and 
everything stays like it is now.

If the wiki is using AuthUser, then they may allow by authenticated 
id, by user group, or by shared password.
When someone displays the "attr" page, instead of having a single 
"password" box per "level" (level being read, edit, etc. - not sure 
of the correct word here) there will be 3 boxes per level -  one for 
passwords, one for ids and one for user groups.

Now there is no need for any prefix whatsoever, although PmWiki may 
internally use them to keep track of things.

The next question that should arise is, "What happens on the 
Site/AuthUser page?"

Since the page would only be of concern if AuthUser was in use, then 
I think the prefixes could be used with no confusion.
or some other similar set. These could be the prefixes that the 
"attr" page uses "invisibly".

Neil Herber
Corporate info at http://www.eton.ca/ 

More information about the pmwiki-users mailing list