[Pmwiki-users] Easily Hackable?

H. Fox haganfox
Thu Apr 1 15:03:54 CST 2004


Patrick R. Michaud wrote:
> Except for using HTTP-Digest authentication instead of HTTP-Basic, this
> setup is not any more secure than simply password protecting pages with
> PmWiki.  This would only be more hackable to someone who is able to
> somehow watch the HTTP headers transferred between the client and 
> server.

I see.  The Apache documentation says "[o]nly the most recent versions 
of clients are known to support Digest authentication," so the extra 
protection comes at a cost of browser compatibility.

Here are a few advantages I perceive for using .htaccess vs. PmWiki's 
built-in authentication.

- Access restrictions may be common with other pages outside the wiki.
- Groups (of users) may be defined, allowing each individual to
   have their own password.
- Author tracking may be forced.

> Also, instead of creating the symlinks I'd probably just create a
> script to chdir to the editable wiki and run things from there.
> You can see an example of this in the "Making a wiki script" section
> of PmWiki.ChangePmWikiUrl (at least until I refactor that page in the
> next couple of days).

It appears your days are very short!  :)

Thanks,

Hagan
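Added example, not part of the original message: what someone watching the HTTP headers gets under Basic versus Digest, the difference the quoted reply refers to. The function names are illustrative, and the sample credentials and nonce values are the ones from the worked example in RFC 2617 section 3.5, not from this thread.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_header(user, password):
    """Authorization header value for HTTP Basic: base64 of user:password."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def recover_from_basic(header):
    """Anyone who can read a Basic header can undo the encoding."""
    _scheme, token = header.split(" ", 1)
    user, password = base64.b64decode(token).decode("utf-8").split(":", 1)
    return user, password

def htdigest_ha1(user, realm, password):
    """Per-user value kept in an htdigest file: MD5(user:realm:password)."""
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 'response' field for qop=auth."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_accepts(stored_ha1, method, fields):
    """Server side: recompute from the stored HA1 and the nonce it issued."""
    expected = digest_response(stored_ha1, method, fields["uri"],
                               fields["nonce"], fields["nc"], fields["cnonce"])
    return hmac.compare_digest(expected, fields["response"])

# Sample values from RFC 2617 section 3.5 (not from the mailing-list thread).
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
FIELDS = {"uri": "/dir/index.html", "nc": "00000001", "cnonce": "0a4f113b",
          "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093"}

if __name__ == "__main__":
    hdr = basic_header(USER, PASSWORD)
    print("Basic header :", hdr)
    print("Observer gets:", recover_from_basic(hdr))
    ha1 = htdigest_ha1(USER, REALM, PASSWORD)
    sent = dict(FIELDS, response=digest_response(ha1, "GET", **FIELDS))
    print("Digest sends :", sent["response"])
    print("Server check :", server_accepts(ha1, "GET", sent))
    # The same response presented against a fresh server nonce is rejected.
    print("New nonce    :", server_accepts(ha1, "GET", dict(sent, nonce="0" * 32)))
```

Neither scheme encrypts the page content itself, and the HA1 value stored in the htdigest file is password-equivalent for its realm, so that file needs the same protection as a password file.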


