[pmwiki-users] Bug or feature? Exiting from action=attr without changing passwords clears them up

Randy randy at brownragfilms.com
Tue Jan 15 22:51:02 CST 2008


Only having to enter a password once per session is a feature. For  
those who make lots of edits, it's essential.

The best way to protect your page when you're away from your machine  
is to log out. (I think that works on the base installation. It  
certainly does when there is user authentication.) Try adding "? 
action=logout" to the URL of any page. That should wipe clear your  
passwords. BTW, logout should happen automatically after enough time  
as passed. How much time depends on the configuration.

Randy


On Jan 15, 2008, at 10:37 PM, Steven Benmosh wrote:

> Seems to me that when I go to a password protected page (of course  
> with the password) with the ?action=attr option, and then leave the  
> page without changing or clearing any of the passwords on display, I  
> can then re-enter the page in edit mode, without having to put in  
> the password again.
>
> I tried closing the tab to pmwiki, and then clear the privacy  
> options in firefox, but it was not until I cleared all cookies that  
> I was asked for the edit password again.
>
> I assume this glitch is only on the local machine, but I leave my  
> browser on for days at a time, so this is not such a good thing to  
> happen, security wise.
>
> Is that the expected behavior, or is it a bug? If the former, is  
> there something I can do, short of clearing all cookies, to turn it  
> off?
>
> Thanks.
>
> -- 
> Check out my web site - www.words2u.net  
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20080115/ad6f073e/attachment.html 


More information about the pmwiki-users mailing list