[Pmwiki-users] PmWiki password puzzles

Ciaran ciaranj
Mon Aug 30 10:15:26 CDT 2004


I like #2 and #3, although Alex's point is very well made, but that
could happen by coincidence anyway?  It's not really more likely to
occur just because the browser's caching the password, the user would
instinctively try their password anyway...

As to keeping track of whether a page is password protected, perhaps
we could have a variable to use in the template that tells us whether
they're in password-edit mode or password-read mode, etc.?
- Ciaran


On Mon, 30 Aug 2004 16:22:14 +0200, Alexandre Courbot
<alexandre.courbot at lifl.fr> wrote:
> 
> >>*** Q1: Any one have comments in favor of or against switching to
> >>session-based authentication as the default?
> >
> >
> > Seems like a good optimization for the common case.
> 
> I think so too. I've just set up the devel version of PmWiki to start a new
> site, and unfortunately I'm in the case where I can't use HTTP-based
> authentication. And I don't have a sessionauth script with this version.
> 
> Anyway, using session-based authentication by default is not really
> likely to bother people (and if it does, they should be able to include
> an httpauth script).
> 
> >>  1. Leave things as they are--someone wanting to avoid the
> >>     alternating edit+read password problem in pages would then set
> >>     the edit password in both the edit and read password fields.
> >>  2. Have the system assume that a person who knows the edit or
> >>     attribute password is automatically given read permission to a
> >>     page without having to explicitly enter or know the read
> >>     password.
> >>  3. Have the system cache all of the passwords that have been entered
> >>     during a browser session, and test each page request against the
> >>     set of passwords (so that a user would only have to enter each
> >>     unique password once per browsing session).
> >>
> >>*** Q2: But my question is, what should be PmWiki's "default" setup in
> >>the distributed version?
> >
> >
> > #2 and #3.
> 
> #2 is good IMO, since the levels are inclusive. #3 might allow a user to
> have access to a page he shouldn't, if by chance they have the same
> password (even though the user doesn't know it).
> 
> Alex.
> --
> Alexandre Courbot
> PhD Student - LIFL/RD2P
> http://www.lifl.fr/~courbot/
> 
> 
> 
> --
> Pmwiki-users mailing list
> Pmwiki-users at pmichaud.com
> http://pmichaud.com/mailman/listinfo/pmwiki-users_pmichaud.com
> 


-- 
- Ciaran
http://www.wombatinvasion.com/ (Share the love)
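
A small model of options 2 and 3 from the thread and of the same-password coincidence Alex raises, added here as an illustration; it is not PmWiki code. The class names, page names, passwords, the PBKDF2 storage and the share_across_pages switch are all assumptions made for the example.

```python
import hashlib, hmac, os

LEVELS = ("read", "edit", "attr")  # assumed inclusive order: attr > edit > read

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Page:
    def __init__(self, name, **passwords):      # e.g. Page("X", read="a", edit="b")
        self.name, self.salt = name, os.urandom(16)
        self.hashes = {lvl: _kdf(pw, self.salt) for lvl, pw in passwords.items()}

    def highest_level(self, password):
        """Index of the highest level this password matches, or -1."""
        digest = _kdf(password, self.salt)
        hits = [i for i, lvl in enumerate(LEVELS)
                if lvl in self.hashes and hmac.compare_digest(self.hashes[lvl], digest)]
        return max(hits, default=-1)

class Session:
    def __init__(self, share_across_pages=True):
        self.share = share_across_pages          # True models option 3
        self.entered = []                        # (page name, password) pairs typed so far

    def enter(self, page, password):
        self.entered.append((page.name, password))

    def allowed(self, page, want):
        if want not in page.hashes:              # no password set: level is open
            return True
        need = LEVELS.index(want)
        for where, pw in self.entered:           # option 3: test every cached password
            # option 2: a match at a higher level also grants the lower ones
            if (self.share or where == page.name) and page.highest_level(pw) >= need:
                return True
        return False

def demo():
    # Constructed sample pages; the two admins picked "tulip42" independently.
    notes = Page("Staff.Notes", read="tulip42", edit="orchid!7")
    minutes = Page("Board.Minutes", edit="tulip42")
    s = Session(share_across_pages=True)
    s.enter(notes, "orchid!7")                   # user only knows the edit password
    opt2 = s.allowed(notes, "read")              # option 2: edit implies read
    s.enter(notes, "tulip42")
    silent = s.allowed(minutes, "edit")          # Alex's case: granted with no prompt
    scoped = Session(share_across_pages=False)   # cache remembered per page only
    scoped.enter(notes, "tulip42")
    return opt2, silent, scoped.allowed(minutes, "edit")
```

With the shared cache the second page opens without a prompt; with the per-page cache the user is prompted again, which is the situation Ciaran describes where they would have to try the password themselves.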


