[pmwiki-users] Self registration

kirpi at kirpi.it kirpi at kirpi.it
Wed Jan 21 16:36:46 CST 2009


Ok, at the cost of you, Patrick, laughing at me for my naive approach, I'll try
and offer my own thoughts on the matter (it has taken me since yesterday to
distill...).

The issue here is: where to store sensitive information such as
passwords and email addresses.

The straightest approach would be to use a separate plain text file
(comparable to .htpasswd) for storing data. In some ways this is a
well tested method. But, as things are evolving in the wiki, one might
want to let such a text be directly editable, and here comes the
SiteAdmin.AuthUser page[1]. As Peter Bowers also recently stated[2],
such a page could be used to store identities (as well as groups).
Two notes on the matter come to my mind now:
 a) it could be worth adding some extra fields, something like
DokuWiki[3] when a user self-registers.
 b) issues might arise in case of concurrent edits: what if, while an
admin is manually editing the page, somebody self-registers?
On the whole, such an approach seems sound, just an extension to the
current system.

A quite different path would be writing/reading sensitive data to/from
Profile pages. Granted that nobody is willing to expose personal data
by default, I would suggest putting such a string into that part of the
wiki page[4] which:
 - is first scanned, no matter how long any page will be
 - is not visible to anybody, but still accessible to admins, just in case
Thus, let's imagine that Patrick fills in a form and registers; the system will:
 - create a Profile.Patrick page
 - write this string
Patrick:$1$wSP2R80i$sJ593ERCmTtjm3Fk26HCV1:Patrick R. Michaud:pmichaud at pobox.com
along with other keys. The ctime here will be useful also in order to
know when the user subscribed
 - lock Profile.Patrick for edits, with the id/password set to the respective owner
The whole personal page is then available to its owner to be filled
with whatever contents (s)he feels like, kept private, made openly
readable to anybody or password protected with a "quick" password to
share among friends.

Both systems look good to my newbie eyes.
Now, what are the cons of them, please?

Luigi

----
[1] http://pmwiki.org/wiki/SiteAdmin/AuthUser
[2] http://pmichaud.com/pipermail/pmwiki-users/2009-January/053390.html
[3] http://www.dokuwiki.org/auth:plain
[4] http://pmwiki.org/wiki/PmWiki/PageFileFormat
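
One way to handle note (b) for the flat-file variant, as an added example that is not part of the original message and not PmWiki code: each registration appends a `login:hash:name:email` record (the layout of the string shown above) under an exclusive advisory lock and rejects fields containing the delimiter. The function names, file name and sample values are assumptions, and `fcntl` makes it Unix-only.

```python
import fcntl
import os
import tempfile

FIELDS = ("login", "pw_hash", "name", "email")  # column order assumed from the message

def parse_record(line):
    """Split one 'login:hash:name:email' line; return None if malformed."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS) or not parts[0]:
        return None
    return dict(zip(FIELDS, parts))

def register(path, login, pw_hash, name, email):
    """Append one record under an exclusive lock. True if added, False if taken."""
    values = (login, pw_hash, name, email)
    # A ':' or a line break inside a field would shift the columns or forge
    # an extra account line, so such input is rejected rather than escaped.
    if not login or any(c in v for v in values for c in ":\r\n"):
        raise ValueError("field is empty or contains ':' or a line break")
    with open(path, "a+", encoding="utf-8") as fh:
        fcntl.flock(fh, fcntl.LOCK_EX)   # a second registration waits here
        try:
            # Re-read the file while holding the lock, so the duplicate
            # check and the append happen as one step.
            fh.seek(0)
            taken = {r["login"] for r in map(parse_record, fh) if r}
            if login in taken:
                return False
            fh.seek(0, os.SEEK_END)
            fh.write(":".join(values) + "\n")
            fh.flush()
            os.fsync(fh.fileno())        # on disk before the lock is released
            return True
        finally:
            fcntl.flock(fh, fcntl.LOCK_UN)

if __name__ == "__main__":
    # Constructed sample values, written to a throwaway directory.
    store = os.path.join(tempfile.mkdtemp(), "users.auth")
    print(register(store, "Patrick", "$1$constructed$hash", "Patrick M", "p at example.org"))
    print(register(store, "Patrick", "$1$another$hash", "Someone", "s at example.org"))
    with open(store, encoding="utf-8") as fh:
        print([parse_record(line) for line in fh])
```

The lock is advisory: it serializes concurrent self-registrations, but an admin saving the file from an editor that does not take the same lock can still overwrite a record added in between.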


