[Pmwiki-users] Passwords
Patrick R. Michaud
pmichaud
Thu Jan 15 08:55:06 CST 2004
On Thu, Jan 15, 2004 at 10:59:20AM +0100, Christian Ridderstr?m wrote:
> Suggestions:
> Add explaning text on the attributes page, where the text could say
> something like:
> Note: Once you have pressed 'Submit', you will be asked for the
> ''read'' password before you will be shown <page>.
...except this statement isn't true if no read password has been set, or
if the read password was set to "nopass".
> Another alternative would be that a verification page is shown after you
> have pressed submit. This page could contain something like.
> Markup: Comment:
> You have successfully changed the
> attributes of <page> to the
> following values.
> * The '''read''' password is <pwd> 'view' pwd. instead?
> * The '''edit''' password is <pwd>
> * The '''attribute''' password is <pwd>
Somehow displaying the passwords in a page seems risky to me--pages have
a nasty habit of being cached where people can find them. At most I'd
be able to say "you've set the read, edit, and attr passwords".
> Finally, is there some way that we could get the password dialogs to let
> us know if they want the password for viewing a page, editing it or
> changing the attributes?
Scripts and web documents typically don't get a lot of control over what
appears in the browser password dialog--at most you can set the "realm",
and even that gets displayed differently by different browsers. So,
one approach is to include the operation into the $AuthRealmFmt.
However, if someone wants that much control over the display, a better
choice may be to use the sessionauth.php script, where you can completely
customize the password dialog.
> PS. Maybe the ''read'' password should really be referred to as the
> ''view'' password?
Yup, I think so--several people have asked for 'view' instead of 'read'.
This can be set in local.php:
$PageAttributes['read'] = 'Set new view password:';
Pm
More information about the pmwiki-users
mailing list