[pmwiki-users] Self registration

Peter Bowers pbowers at pobox.com
Thu Jan 22 12:06:30 CST 2009

> -----Original Message-----
> From: pmwiki-users-bounces at pmichaud.com [mailto:pmwiki-users-
> bounces at pmichaud.com] On Behalf Of Eemeli Aro
> 2009/1/21 Patrick R. Michaud <pmichaud at pobox.com>:
> > Until I'm able to see a clearly good decision on this latter point --
> > that is, until it's clear *where* in PmWiki we will store sensitive
> > information such as email addresses -- the rest of the discussion
> > is merely speculation.  At least, it's speculation if I'm expected
> > to support its inclusion in the core.
> I'd say that anything sensitive needs to go to SiteAdmin.AuthUser or
> another single location in the SiteAdmin group. 

I agree.

For the last 40 years or so *nix has put identity and authorization
information into either /etc/passwd or /etc/shadow.  The default, I believe,
is to have all identity/user-info type information (full name, groups, login
shell, etc) in /etc/passwd and the actual authentication tokens in
/etc/shadow.  One could argue that since it's worked well in that context
for decades a similar approach would work well in pmwiki.  Kind of a "stand
on their shoulders" approach.  I personally would vote for a colon-delimited
list of fields -- just as it currently is in AuthUser except more fields
than just the username and hash.  (Do note, however, that the hashed
password can contain a colon so it would need to be the final field in the
list if this approach were used.)

Just a tho't.

Is there an advantage to putting the authentification & user-info type of
data in the profile page?  I don't think I've seen an argument on that side
yet although I may have missed it...


More information about the pmwiki-users mailing list