[pmwiki-users] Group passwords

Henrik Bechmann henrik at bechmann.ca
Mon May 12 22:46:02 CDT 2008 

Thanks Tegan,

That worked for the group.

I'm a little surprised by this though:

1. Last time I checked, to edit a page you need to be able to read it 
(ie read permission is implied), therefore conferring edit rights should 
most certainly confer read rights.

2. Requiring explicit matching of passwords where site-wide rights 
should be conferred to groups, obstructs the intention by creating 
unnecessary administrative work (should the site-wide password have to 
change). Seems to me letting groups and pages inherit rights through 
@_site_edit (ie @_site_<whatever-right>), and also letting pages inherit 
group rights with @_group_edit, would make sense, and be natural and 
symmetrical. The current situation, given the potential time and errors 
involved in changing a password scheme is, ironically, a security risk.

3. The apparent application of the publish password to the attribute 
password in the group is just plain nuts (ie a bug.).

Looks to me like this password system could use a bit of attention.

How does all this compare with generally accepted permission scheme 
standards? Am I missing something?

- Henrik

Tegan Dowling wrote:
> On Mon, May 12, 2008 at 5:12 PM, Henrik Bechmann <henrik at bechmann.ca> wrote:
>   
>> When I login with a site-wide edit password, I am challenged for an
>>  additional *read* password for a group for which I have set a read password.
>>
>>  I'm having a little trouble fathoming this. I thought that an edit
>>  password trumps a read password.
>>     
>
> It doesn't.  Read and edit permissions are set separately, and edit
> rights do not confer read rights, any more than read rights confer
> edit rights.
>
> If, in your config.php file, you have
>
>         $DefaultPasswords['edit'] = crypt('userpasswordhere');
>
> Then in any wikigroup named, for example, ProtectedGroup, you need to
> use ProtectedGroup.GroupAttributes?action=attr to:
> Set new read password = userpasswordhere
>
> OR use ProtectedGroup.GroupAttributes?action=attr to:
> Set new read password = specialgrouppass userpasswordhere
> Set new edit password = specialgrouppass userpasswordhere
> (create a space-separated list of passwords for each attribute)
>
> You cannot use ProtectedGroup.GroupAttributes?action=attr to:
> Set new read password = @_site_edit
>
> That doesn't work.  In discussion in this list-serv in 2006, PM said
> that he never intended @_site_edit to be used on
> GroupAttributes?action=attr.
>
> (Everybody please VOTE on http://www.pmwiki.org/wiki/PITS/00836).
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG. 
> Version: 8.0.100 / Virus Database: 269.23.16/1429 - Release Date: 5/12/2008 6:14 PM
>   

-- 

Henrik Bechmann
bechmann.ca
Webmaster, celos.ca webhosting services

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20080512/707d3339/attachment-0001.html

More information about the pmwiki-users mailing list