[pmwiki-users] Rethinking passwords and authorization
Ryan R. Varick
rvarick at gmail.com
Wed Oct 18 08:30:10 CDT 2006
I had to think about this before I saw the problem, but I agree that
it could introduce problems. My suggestion would be to craft the UI
such that it makes expectations explicit. I think Neil's idea has
potential. Personally, I find the whole thing confusing and would
prefer to do away with prefixes altogether. Boxes for each "level"
have several advantages:
1) Easily programmable - one box for non-AuthUser installations, three
for AuthUser-enabled sites.
2) Clear(er) UI - Authors no longer have to learn a syntax (simple
though it may appear) along with the PmWiki authentication system.
There's less chance for confusion, because the choices are clearly
defined. Combined with header labels, I think it could be very
straightforward.
3) Parsing - Input is already neatly sorted into separate form fields.
Frontent prefixes aren't needed, nor are quotes. Commas are
sufficient to separate individual entries.
Overall, it seems like a good approach to me. What are the downsides?
Ryan
On 10/10/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Mon, Oct 09, 2006 at 10:31:46PM -0400, Neil Herber wrote:
> > At 2006-10-09 06:02 PM -0400, Ryan R. Varick is rumored to have said:
> > >I've always kind of wondered why the syntax is as the way it is
> > >anyway. I certainly think it would be more intuitive if there were a
> > >set of common prefixes, like
> > >
> > > password:quick
> > > user:alice (or id:alice, if that's preferred)
> > > group:authors
> >
> > This makes much more sense to me than the current "id:" "@" and
> > nothing prefixes.
> >
> > pw:
> > id:
> > gp:
> >
> > are short and directly identifiable.
> >
> > Something like:
> >
> > gp: Alpha -id:Fred +pw:zebra
> >
> > would mean the Alpha group, except for Fred, plus anyone who knows
> > the password zebra.
>
> The main difficulty with requiring a prefix for passwords
> is that it doesn't quite work from an author perspective with a
> non-AuthUser-based PmWiki.
>
> In other words, on the ?action=attr form, how do we explain to
> authors/admins that in order to set a password they have to
> prefix it with "pw:"? I think that many authors will be confused
> about why the prefix is needed, since PmWiki already "knows"
> that it's a password field.
>
> Pm
>
>
More information about the pmwiki-users
mailing list