[Pmwiki-users] security problem -> edit password

Patrick R. Michaud pmichaud
Fri Jan 23 11:24:42 CST 2004


On Fri, Jan 23, 2004 at 01:20:10PM +0100, Christian Ridderström wrote:
> On Fri, 23 Jan 2004 lists at basel-inside.ch wrote:
> > A read password doesn't imply an edit protection,
> > you have to set an edit password as well.
> 
> Hmm... isn't this sort of wrong? Shouldn't a password for read be implied 
> if there's one for reading the page? And similarly, if there's a read 
> password, shouldn't there be one for modifying the attributes?

While PmWiki's current implementation is arguably wrong (I prefer
the word "simplistic" :-), in general I like to keep features as
orthogonal as possible.  In other words, the read password protects
the read operation, the edit password protects the edit operation, etc.
There's precedent for this--for example, on Unix/Linux systems write
permission means that someone can write to a file even though they
cannot read it, and there are applications for which this behavior
is desirable or even necessary.

Thus, even though I can't think of one at the moment, there could be
situations where someone would want to allow page edits even though
page reading is restricted.  However, I'll concede that this is not
the common case, and that there are probably other ways to achieve the
same effect in the current PmWiki authentication system.

And even if we say that a read password implies an edit and attr password,
what should those be?  Should they default to be the read password in
absence of a setting?  (Somehow that seems wrong to me.)  What about 
upload passwords?  What about passwords for other actions and 
capabilities that people may customize into PmWiki (which is definitely 
part of the PmWiki design, BTW)?  I don't think the potential 
authorization states can be (or should be) arranged in a strictly 
linear or hierarchical fashion.

On the other hand, we could interpret the read password as being a
form of "basic access" password that is used for any action that 
doesn't otherwise have a corresponding password set.  

Pm
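The two policies weighed in the message above, strictly orthogonal per-action passwords versus a read password that doubles as a "basic access" password for any action without its own, can be compared side by side in a small model. The following is an added illustration written for this page, not PmWiki's code: the action names, the `page_passwords` mapping, the `policy` parameter and the `authorize` function are assumptions made for the example, and the passwords are constructed sample values.

```python
"""Toy model of per-action page passwords (illustration, not PmWiki code).

Two policies are modelled:
  "orthogonal"   - each action is guarded only by its own password; an action
                   with no password set is open (the behaviour reported in
                   the thread: a read password alone does not lock editing).
  "basic_access" - the read password is used as a fallback for any action
                   that has no password of its own, as proposed at the end
                   of the message. An explicitly set action password still
                   wins over the fallback.
"""
import hashlib
import hmac
from typing import Dict, Optional

# Assumed action names for the illustration (the real set is site-specific).
ACTIONS = ("read", "edit", "attr", "upload")


def _password_matches(required: str, supplied: str) -> bool:
    """Constant-time comparison of hashed passwords so length leaks nothing."""
    want = hashlib.sha256(required.encode("utf-8")).digest()
    got = hashlib.sha256(supplied.encode("utf-8")).digest()
    return hmac.compare_digest(want, got)


def authorize(page_passwords: Dict[str, str], action: str,
              supplied: Optional[str], policy: str = "orthogonal") -> bool:
    """Return True if `supplied` grants `action` on a page with `page_passwords`.

    `page_passwords` maps an action name to the password protecting it;
    an absent key means no password has been set for that action.
    """
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    if policy not in ("orthogonal", "basic_access"):
        raise ValueError(f"unknown policy: {policy!r}")

    required = page_passwords.get(action)
    # Fallback: with no password for this action, reuse the read password.
    if required is None and policy == "basic_access":
        required = page_passwords.get("read")
    if required is None:
        return True          # nothing protects this action: open to anyone
    if supplied is None:
        return False         # protected, but no password offered
    return _password_matches(required, supplied)


def demo() -> Dict[str, bool]:
    """The scenario from the thread: a page with only a read password set."""
    read_only_page = {"read": "s3cret"}           # constructed sample value
    return {
        # Orthogonal policy: editing is wide open although reading is locked.
        "orthogonal_edit_without_password": authorize(read_only_page, "edit", None),
        # Basic-access policy: editing now requires the read password.
        "basic_edit_without_password": authorize(read_only_page, "edit", None, "basic_access"),
        "basic_edit_with_read_password": authorize(read_only_page, "edit", "s3cret", "basic_access"),
        # The Unix-style case the message mentions: writable but not readable.
        "orthogonal_edit_locked_read_open": authorize({"edit": "editme"}, "read", None),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

Running the block prints the four outcomes: under the orthogonal policy the read-protected page can be edited with no password at all, while under the basic-access policy the same edit is denied until the read password is supplied. Because an explicit `edit` entry takes precedence over the fallback, a site that wants a distinct edit password keeps it; only the unset case changes.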
