[pmwiki-users] Self registration
kirpi at kirpi.it
kirpi at kirpi.it
Thu Jan 22 15:38:00 CST 2009
Ok, it is a magic of the internet (and much kindness from him) that
Patrick, a super-expert in the matter, engages talks with me, a
sub-newbie. I am sorry that I cannot "keep his pace": too much
difference in level, skills, attitudes.
:-)
That said, I just copy and paste some of his last sentences:
> As far as safety, I personally would feel much safer with such a
> large password database spread out over many files than in a single
> (essentially text) file.
> if there are hundreds of user records in
> the SiteAdmin.AuthUser page it's more difficult [...].
> If it's in Profile.XYZ then it's easy to locate and manipulate
> directly.
> Also, SiteAdmin.AuthUser stores more information than just usernames
> and passwords, it also stores group memberships. Keeping group
> memberships in individual profile pages would also be much simpler.
> a small mistake in SiteAdmin.AuthUser can suddenly wipe out lots
> of accounts
> Apache offers the ability to keep usernames and
> passwords in .htpasswd files, but those quickly degrade in performance
> as there get to be a larger number of entries. In such cases Apache
> recommends moving to something that allows better random-access
> rather than sequentially scanning a large .htpasswd file (on every
> authentication request).
Patrick recently underlined that I quoted wrongly from him (sorry
Patrick, I didn't mean to).
Now, if I happened to quote right and in the proper context here, I am
under the *very* impression that his well-informed
experience/knowledge is casting *many* votes to the Profile-based
system.
Am I wrong?
Luigi
More information about the pmwiki-users
mailing list