[pmwiki-users] Passwords for Groups, Pages and Actions
kirpi at kirpi.it
Sun Apr 2 04:44:49 PDT 2023
I am not sure that I understand how PmWiki passwords work, although I have
been using them for many years now.
My website is completely closed for writing and partially open for reading.
In config.php I have:
$DefaultPasswords['admin'] = pmcrypt('adminpassword');
$DefaultPasswords['edit'] = pmcrypt('normalgeneralpassword');
$HandleAuth['browse'] = $HandleAuth['upload'] = $HandleAuth['attr'] =
$HandleAuth['print'] = $HandleAuth['refcount'] = $HandleAuth['diff'] =
$HandleAuth['source'] = $HandleAuth['search'] = 'edit';
This way (I guess) all pages are fully protected both for writing and
reading.
Also, I can choose which actions are closed (all the above are closed for
writing and reading) while, as an example, I keep open presentations
(action=slideshow, see S5 recipe).
But this would open a hole, so I should most probably update to:
$HandleAuth['browse'] = $HandleAuth['upload'] = $HandleAuth['attr'] =
$HandleAuth['print'] = $HandleAuth['refcount'] = $HandleAuth['diff'] =
$HandleAuth['source'] = $HandleAuth['search'] = $HandleAuth['slideshow'] =
'edit';
Is this approach safe enough? Do you see anything that would raise a
warning, please?
As other actions might exist which might pose a threat, is there a way to
tell the system: "block all actions except xyz", instead?
Moreover, when I try to free reading for a whole group with
www.example.com/GroupName.GroupAttributes?action=attr and place @nopass in
the 'read' field, it does not work and the group is kept closed.
What am I doing wrong, please?
Thanks!
Luigi