[pmwiki-users] Find out which passwords are set

Petko Yotov 5ko at 5ko.fr
Fri Sep 25 15:30:51 CDT 2009


On Friday 25 September 2009 16:42:24 Mike wrote:
> Hello everyone,

Hello!

> Now I have a particular page which I want to be available to all users
> of the @readers group, as well as to anyone who know one of four passwords.
> 
> So I set the read attribute to
> @readers pw1 pw2 pw3 pw4
> 
> Now unfortunately, if after 4 months I come back and forgot which
> passwords I distributed, I cannot determine this anymore. All I see is
> @readers *** *** *** ***.
> 
> Would there be any way to find out in a way as convenient as possible,
> which passwords have been set for which page?

No, the page does not store the real passwords, but one-way encoded hashes -- 
it can verify that the user knows the real password, but cannot decode back 
the password from the hash.

It's a security measure, to prevent an attacker who managed to get the disk 
files to learn your real passwords.

> In particular, the problem arises when I want to distribute one more
> password but maybe forget one of the older ones: it then becomes
> unusable which I did not want to achieve.

If you disable a password because you don't remember it, the people who use it 
will call you, and you can fix it at that time. You can leave them a message 
not to panic, on your page [[Site.AuthForm]], it will appear on the login 
form.

Thanks,
Petko



More information about the pmwiki-users mailing list