[pmwiki-users] security (again!)

Guillermo Calderon - INCO calderon at fing.edu.uy
Fri Mar 6 12:51:09 CST 2009

James M escribió:
> It seems that the login pages on pmwiki are `en clair' (unencrypted - eg 
> not https). Is there any way around this, apart from hosting the whole 
> site on https ?
> The IT guru who guards our servers at university is unhappy about having 
> pmwiki installed where passwords are transmitted without being encrypted.

In a previous message I wrote this:

I have implemented a simple solution where only passwords are sent
    via SSL and the other posts are sent via http.

In config.php:

SDVA($InputTags['auth_form'], array(
     ':html' => "<form

This way the action field of the auth-form sends  all the information
via https.

More information about the pmwiki-users mailing list