<HTML>
<BODY>
Thanks! You were right: during my testing I somehow didn't fully logout, so the explicit logout demonstrated that the group WAS protected, without me having to change anything, including the search.<br>
<br>
I did have $EnablePageListProtect = 1; so I think I read that somewhere and tried it.<br>
<br>
But can you tell me how to do what you suggested: "One can configure PmWiki so that DEF pages won't show up in Site.AllRecentChanges at all, but there's not a way to selectively view from Site.AllRecentChanges." ????<br>
<br>
Thanks again!<br>
<br>
-- Robert<br>
<br>
<br>
<-----Original Message-----> <br>
>From: Patrick R. Michaud [pmichaud@pobox.com]<br>
>Sent: 2/26/2007 4:12:03 PM<br>
>To: rlaird@cavediver.com<br>
>Cc: pmwiki-users@pmichaud.com<br>
>Subject: Re: [pmwiki-users] Group security<br>
><br>
>On Mon, Feb 26, 2007 at 02:02:30PM -0800, Robert Laird wrote:<br>
>> <br>
>> "DEF" needs to be a password-protected group... anyone with access to this<br>
>> internal wiki should be able to get to anything in the wiki except for the<br>
>> "DEF" group, unless authenticated.<br>
>> <br>
>> I used the command:<br>
>> <br>
>> http://internalwiki/PMWiki/pmwiki.php?n=DEF.GroupAttributes?action=attr<br>
>> <br>
>> in order to set the group password, and that works. The first time someone<br>
>> who knows the password access the DEF group, it asks for a password. Once<br>
>> authenticated, that user can get to any page in the DEF group.<br>
>> <br>
>> However, someone who is not authenticated only has to do a search, and<br>
>> once a DEF.something page is found, they can click on it and it will<br>
>> display. This is not good.<br>
><br>
>If you've set a read password for the group, then someone who<br>
>has not entered the password should not be able to view the page<br>
>(nor see it in the results of a search). If you're able to<br>
>see the page, then chances are that you've authenticated somehow.<br>
><br>
>Are you sure you aren't already authenticated at the time of<br>
>doing your testing? PmWiki remembers passwords until explicitly<br>
>logged out or all browser windows are closed.<br>
><br>
>Try explicitly logging out with ?action=logout before performing<br>
>the search.<br>
><br>
>> It would also be nice to make sure that Recent Changes won't show DEF<br>
>> pages unless authenticated.<br>
><br>
>One can configure PmWiki so that DEF pages won't show up in<br>
>Site.AllRecentChanges at all, but there's not a way to selectively<br>
>view from Site.AllRecentChanges.<br>
><br>
>> P.S. We're running pmwiki-2.1.beta14<br>
><br>
>Aha! The other thing you will want to do is set the following<br>
>in your local/config.php:<br>
><br>
> $EnablePageListProtect = 1;<br>
><br>
>This tells PmWiki to not display read-protected pages in pagelists<br>
>and search results unless the person is authorized to view the page.<br>
><br>
>Oddly enough, this setting became the default in 2.1.beta15 ,<br>
>so you could try upgrading to a later version of PmWiki and see<br>
>if that improves things for you.<br>
><br>
>Hope that helps, if things still don't seem to be working let us know.<br>
><br>
>Pm<br>
>.<br>
>
</BODY></HTML>
<br><br><div style="tag_ad_s_ord_66_99:ord_66;border-top: 1px #cccccc solid"><a target="_blank" style="FONT-SIZE: 13px; COLOR: #006599; FONT-FAMILY: Trebuchet MS" href="http://tagline.bidsystem.com/fc/CAaCDCZ64Q5jrwDIJ1xbiYBACIkIuuiA/">Click for a second home mortgage, fast & free, no fees, approval today</a></div><br>
<span id=m2wTl><p><font face="Arial, Helvetica, sans-serif" size="2" style="font-size:13.5px">_______________________________________________________________<BR>Get the Free email that has everyone talking at <a href=http://www.mail2world.com target=new>http://www.mail2world.com</a><br> <font color=#999999>Unlimited Email Storage – POP3 – Calendar – SMS – Translator – Much More!</font></font></span>