[pmwiki-users] Newbie Alert!!! - basic site security?

Jeff Schallenberg schallenberg.jeff at gmail.com
Fri Oct 19 10:38:48 CDT 2007


I have just installed a pmwiki site on my Ubuntu server.

It works and looks great - I have configured a logo and a skin, I can create
and edit pages - but that is the problem. This site is to be used for a
private non-profit group - less than a dozen users. I would like to allow
viewing, editing and uploading only by this group.

I have edited the config.php file to include the following lines:

$DefaultPasswords['admin'] = crypt('secret');
$EnableUpload = 1;
$DefaultPasswords['upload'] = crypt('secret');

But, even after restarting the server, I can still edit pages without
entering any password. If I check the recent changes, I see:

   - HomePage<http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.HomePage>.
. . October 19, 2007, at 08:54 AM by ?:
   - NewPage<http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.NewPage>.
. . October 19, 2007, at 08:42 AM by ?:
   - WikiSandbox<http://jeffnet.zapto.org:85/pmwiki/pmwiki.php?n=Main.WikiSandbox>.
. . October 18, 2007, at 08:49 PM by ?:

So, pmwiki doesn't even know who is editing!

How can I protect my pmwiki site so that I have admin privileges, and group
members have read, write and upload privileges.

I have read the documentation on security and passwords, and I understood
that setting passwords in config.php was sufficient to limit edit privileges
to users who know those passwords.

What am I missing?

Thanks for your help! And thanks for the great software!

Jeff Schallenberg



-- 
- Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20071019/bb0e6d2e/attachment.html 


More information about the pmwiki-users mailing list