[pmwiki-users] pmwiki-2.0.beta29 out, needs testers and feedback

Patrick R. Michaud pmichaud at pobox.com
Tue Apr 12 20:42:40 CDT 2005


On Tue, Apr 12, 2005 at 08:56:04PM -0400, Crisses wrote:
> 
> On Apr 12, 2005, at 12:55 AM, Patrick R. Michaud wrote:
> 
> >User-based authentication can completely coexist and mix freely with
> >password-based authentication, thus an edit password of
> >"id:alice glorp" will allow Alice and anyone who knows the
> >password "glorp" to edit the page.
> 
> Does this mean that if a password is "alice" and a username is "alice" 
> both will be able to see the page?

No, not really (at least not as I interpret your question).  When user 
authentication is active the "password required" prompt will have both
a name field and a password field.  An author that enters "alice" in the
username field (along with Alice's password) would have access to
all pages with "id:alice" authorization.  An author that enters
"alice" in the password field would gain access to all pages with
"alice" set as a password.  

> This represents a hazard if users are allowed to create passwords.

I'm not sure I see the hazard you're envisioning, so let me know.  :-)

Pm





More information about the pmwiki-users mailing list