[pmwiki-users] User Registration/Login?
ben at interdependentweb.com
Sun Sep 2 02:20:28 CDT 2007
> Is ZAP secure? I remember some long threads just talking about it.
> I'm sorry if it is not true, but that's how I remember it and the reason why
> I'm trying to code a registration recipe myself.
For those who didn't read those long threads talking about ZAP security,
here's the quick summary: ZAP is based on the assumption that you will
only let people you trust edit pages on your wiki. Like CommentBox and
some other forms recipes, ZAP allows users without edit privileges to
write predetermined kinds of information to pages, but unlike those
other recipes, anyone *with* edit privileges can determine the kinds of
information that are written. So if you want your wiki to be open to
editing by any and every person and bot on the Internet, as it is by
default, then ZAP is not for you.
However, if you only allow people you trust to edit pages, then ZAP is
as trustworthy as they are. Unfortunately installing ZAP does not lock
down your site; you have to do that yourself as a separate step. That's
part of why I plan to release a ZAP CMS bundle with all of that already
done, so that it can be secure out of the box.
As for a separate registration recipe, that's great! I hope you will
make it compatible with the PmForms framework if possible. Thanks!
More information about the pmwiki-users