[Pmwiki-users] Authentication
J. Perkins
jason
Wed Jun 16 17:55:31 CDT 2004

Giving some thought to authentication for nested pages, but had some
comments about the topic in general...

I believe that the process should be split up into three parts:

  (1) Identification - getting the user ID and/or password
  (2) Authentication - making sure ID is valid
  (3) Authorization - determining if user has sufficient rights

For instance I might have (1) a logon form with username and password
fields, (2) code to check the fields against a database table, and (3) a
list of users who are allowed to edit the current page. If I want to
read my user list from a file instead of a database, I only have to swap
out (2), reusing (1) and (3). If I want to automatically grab the user
name using NTLM or some other scheme, I only have to replace (1).

I think the core wiki (pmwiki.php) should not contain any built-in
scheme, instead delegating to addons. Security support in the core file
can be reduced to:

    if (isset($AuthFunction))
        $AuthFunction($pagename, $action);

...called right before '$HandleAction[$action]' and returning if
successful or calling 'exit;' if authorization fails.

This makes the system considerably more flexible and separates the
question of "how do I manage users" from "how do I manage access", as
well as increasing the possibilities for reuse.

I have some ideas on how each of these parts might be implemented, but
what it comes down to is that there is no one solution that will work
for everyone. In fact, I am increasingly of the opinion that there
should not be a default authentication scheme.

Jason
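
The three-part split described in the message, as an added example (not code from the original post or from PmWiki): each part is a replaceable callable, and the three are composed into the proposed $AuthFunction hook. Every function name, the sample user and the sample ACL are hypothetical and constructed for illustration; only $AuthFunction, $pagename and $action come from the message.

```php
<?php
// Added illustration. All names except $AuthFunction, $pagename and $action are hypothetical.
// (1) Identification: get the claimed ID and password, here from a login form.
function identify_from_form(array $request): ?array {
    $id = $request['username'] ?? null;
    $pw = $request['password'] ?? null;
    return (is_string($id) && is_string($pw)) ? ['id' => $id, 'password' => $pw] : null;
}

// (2) Authentication: check the claim against a user store; swap in a file- or DB-backed closure.
function make_table_authenticator(array $hashes): callable {
    $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    return function (array $claim) use ($hashes, $dummy): bool {
        $known = isset($hashes[$claim['id']]);
        // Unknown IDs are checked against a dummy hash so timing does not reveal valid names.
        $ok = password_verify($claim['password'], $known ? $hashes[$claim['id']] : $dummy);
        return $known && $ok;
    };
}

// (3) Authorization: per-page, per-action allow list. Anything not listed is denied.
function make_acl_authorizer(array $acl): callable {
    return function (string $user, string $pagename, string $action) use ($acl): bool {
        return in_array($user, $acl[$pagename][$action] ?? [], true);
    };
}

// Compose the three parts into the hook: return on success, exit on any failure.
function make_auth_function(callable $identify, callable $authenticate, callable $authorize): callable {
    return function (string $pagename, string $action) use ($identify, $authenticate, $authorize): void {
        $claim = $identify($_POST);
        if ($claim === null || !$authenticate($claim) || !$authorize($claim['id'], $pagename, $action)) {
            http_response_code(403);
            exit;
        }
    };
}

// Constructed sample data: one user, one page, one permitted action.
$users = ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
$acl   = ['Main.HomePage' => ['edit' => ['alice']]];
$AuthFunction = make_auth_function('identify_from_form', make_table_authenticator($users), make_acl_authorizer($acl));

// Core call site as proposed in the message, fed a constructed login request.
$_POST = ['username' => 'alice', 'password' => 'constructed-sample-password'];
$pagename = 'Main.HomePage'; $action = 'edit';
if (isset($AuthFunction))
    $AuthFunction($pagename, $action);
echo "authorized: $action on $pagename\n";
```

Replacing identify_from_form with a function that reads an identity supplied by the web server, or replacing the table authenticator with one backed by a file, leaves the other two parts and the core call site unchanged.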