[pmwiki-users] PmWiki and Pagelist as report generator

Fri Aug 22 13:10:24 CDT 2008

On Fri, Aug 22, 2008 at 6:11 PM, Steve Glover <steve.glover at ed.ac.uk> wrote:
> Wow. This is looking better and better. I do have one concern, though:
> WikiSh depends on SecLayer, which has a status of "Alpha, Experimental".

I leave most of my recipes in an "alpha, experimental" state for quite
a while.  If I did this full time then I could devote the time
necessary to do full testing, but as it is it's just a hobby and so I
simply don't do the kind of testing to make me feel I could call it a
full release.  Probably SecLayer is beyond "Alpha, Experimental" and
at least "Alpha" and perhaps "Beta" but I'd rather be cautious...  The
more people that use it the more confident I feel, but I'm not in any
rush...  (Hey, I'm following in PM's footsteps who has been running
the most solid product in the world to still carry the label "beta"
for umpteen years now... :-) )

In the end if you go with either fox or wikiforms you will be using
tools which have been around longer and have more people using them
and thus more "testers".  I feel pretty confident that this WikiSh
application will do what you want without difficulties, but it would
definitely make sense to look at the other options out there as
well...

> We're already using UserAuth for fairly fine-grained acces control (four or
> five classes of user/editor/admin types with different levels of access to a
> similar number of Groups) - if I install SecLayer am I going to have to make
> a lot of changes?

In terms of what changes you would need to make with UserAuth there
should be nothing (although I'll be honest that I've never tested
WikiSh under UserAuth -- I only test under the simple password scheme
and with authuser enabled).  SecLayer is as its name implies: an
additional LAYER of SECurity that sits on top of the page-based
authorization scheme.  It is definitely NOT a substitute for UserAuth.
 Thus WikISh honors all those authorizations but allows you to
"narrow" things further through the use of SecLayer.  If you are happy
with your UserAuth settings and feel they are secure enough then you
could theoretically give full read and full edit access through
SecLayer.  However, I would advise a more cautious approach just to be
on the safe side and allow only what is actually needed.

I would suggest putting all those pages that comprise your "database"
in a single group (I've used WikiShForms) and then giving it
permission as follows:

WikiSh.*: read   # needed in order to pick up the WikiShForms-GroupRC
function definition
WikiShForms.*: read, create
WikiShForms.Trail: read, create, append

Since the main page-writing in this case is done in the "writeptv" MX
which is MiscMX rather than WikiSh, it doesn't deal with SecLayer at
all and relies solely on authuser.  Thus you don't have to give
"overwrite" authorization at all.

Anyway, that's a long answer, but basically the recommendation is to
give what authorization is needed, just to maintain as tight a level
of security as is possible.

-Peter