[pmwiki-users] Problem with securing my website using login for updating
IchBin
weconsul at ptd.net
Thu Jan 11 17:06:16 CST 2007
This has never happened before but here goes. I just moved my website to
a new hosting site. I just entered a bad admin login name and correct
password. It let me open up that page for editing. So I tried to enter a
makeup userid and makeup password. It let me open up the editor for
editing that page. I am not sure how this is happening.
I just noticed that I had 30 user on my website. I just put a .htaccess
file in the root to block anyone until I get this problem fixed.
Nothing have changed I have this:
- this in my config:
$DefaultPasswords['admin']='$1$Pw1cjg06$9VgqESpEGt1WLCJPgr/3J.';
$DefaultPasswords['attr']= '$1$Pw1cjg06$9VgqESpEGt1WLCJPgr/3J.';
$DefaultPasswords['edit']= '$1$Pw1cjg06$9VgqESpEGt1WLCJPgr/3J.';
$HandleAuth['diff'] = 'edit';
- authuser plugin
The only thing I can think of is that per a question I had here the
other day in another thread "Problems adding my pmWiki to a different ISP".
I modify the permissions of wiki.d/ so they're 777 instead of 775.
--
Thanks in Advance... http://weconsul.zendurl.com
IchBin, Pocono Lake, Pa, USA http://ichbinquotations.awardspace.com
______________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)
More information about the pmwiki-users
mailing list