[pmwiki-users] detecting default password changed

adam overton a at plus1plus1plus.org
Fri Aug 22 20:39:34 CDT 2008

figured there may be some other concerns.
for my situation, luckily i just need a helpful tip for those new to  
the site, nothing more, so 95% should do the trick...

On 22 Aug 2008, at 3:47 AM, Peter Bowers wrote:

> On Fri, Aug 22, 2008 at 10:28 AM, adam overton  
> <a at plus1plus1plus.org> wrote:
>> i noticed that when a user creates a new group, the group  
>> attributes page
>> doesn't exist yet -- it's only created once the user goes to  
>> change the
>> password and clicks 'save'...
>> so i'm guessing (:if exists Group.GroupAttributes ... should work...
>> that almost seems too easy though... anyone foresee any problems  
>> with that
> It would give you a high percentage of accurate "hits" but there are
> many different ways that checking for the existence of this page could
> result in something OTHER than what you are looking for:
> (1) Someone sets the password and then clears the password - page
> still exists but no password
> (2) Someone sets the password to the same as the site-wide one (this
> is going to be a problem in any case)
> (3) Someone sets the read password or the upload or the attr password,
> but the edit password is not set.  (Does read cascade to edit at the
> group level first or does pmwiki look for a site edit password before
> it cascades?  Not sure...)
> (4) What you've described here doesn't look at all into the
> possibility of a page-level password rather than a group-level
> password.
> (5) Potentially others as well...?
> So if you're looking for a 95% sure solution then checking existence
> is probably enough.  And that may be good enough if all you're doing
> is giving a helpful message to remind users.  If you are looking for
> 100% then you probably need to keep looking...
> -Peter

More information about the pmwiki-users mailing list