[Pmwiki-users] Re: Re: Re: Edit password also used to read pages in PmWiki 2?

Patrick R. Michaud pmichaud
Sat Nov 20 17:19:44 CST 2004


On Sat, Nov 20, 2004 at 11:39:33PM +0100, chr at home.se wrote:
> On Sat, 20 Nov 2004, Patrick R. Michaud wrote:
> > PmWiki checks for read passwords of pages that are included,
> > but it won't prompt for passwords for those pages--it only uses
> > the passwords that have already been entered as candidates for
> > the (:include:)'d pages.
> 
> Ok, so if an included page requires a read password that hasn't been 
> entered yet, it fails. Is this indicated somehow? (Or is it a silent 
> failure?)

Currently it's a silent failure.

> These passwords.. are they stored in a cookie or something? And are they 
> associated with a specific page? So the cookie contains something like:
>  page name, read pwd, edit pwd, ...

Depends on which authentication method is being used.  For HTTP
authentication in PmWiki 1, the browser stores the latest password 
entered and send it whenever PmWiki requests it (which is whenever 
someone is requesting a page to edit, browse, etc.).  The browser
only keeps track of the last password entered, so this is why a page
with separate edit+read passwords generates lots of password prompts.

PmWiki 1's session-based authentication does the same thing, except
it keeps track of the latest password using a PHP session.  The last
password entered is held in a file on the server, and all the browser
receives is a cookie value (basically a number) that is used to
identify the file on the server.  Thus, someone looking at the cookie
can't find out the password being used.

PmWiki 2 extends both of the above by remembering (in session variables) 
any passwords that have been entered using either authentication method.
So, the browser still only gets the cookie value that is used to
identify the session.  And if any password that has been entered
is sufficient to grant access to the page, then access is granted.

Pm



More information about the pmwiki-users mailing list