[pmwiki-users] Proposed change to password memorization

Patrick R. Michaud pmichaud at pobox.com
Thu Feb 24 09:03:12 CST 2005


I have an idea for slightly changing the way that PmWiki remembers
passwords entered via a browser, but I want to get feedback from
this group first.

As many of you know, when an author attempts to access a password-
protected page or feature, the author enters his/her password into
the browser.  PmWiki then remembers that password for the remainder
of that session -- i.e., until the browser window is closed.

This works fairly well, as authors aren't constantly re-prompted
for passwords they have already entered.  However, for administrators
and authors who are setting passwords on pages, the fact that
PmWiki remembers passwords can be very confusing/annoying, because 
it's difficult to determine where passwords have been set.  The
administrator must close all of his/her browser windows to clear
the passwords entered during the current session.

My proposal is to have the session's passwords automatically
forgotten whenever the "change attributes" form is used.

As an example that illustrates the difficulty of the current system, 
suppose an administrator wants to set an edit password on Main.SomePage.  
This administrator would then:

  1.  Navigate to Main.SomePage?action=attr
  2.  Be prompted for a password (because ?action=attr is protected in Main)
  3.  Enter the admin password for the site
  4.  Receive the "Change Attributes" form
  5.  Enter a new edit password for Main.SomePage
  6.  Press "Save"

Okay, at this point the administrator has set an edit password on
Main.SomePage.  Now of course he would like to verify that the edit
password works, so he browses to Main.SomePage, clicks "Edit Page",
and is instantly taken to the edit page screen without being prompted
for a password.  The admin's first thought will be "Hey, it didn't 
work!" and he will start trying to figure out what went wrong,
even though he did everything right.

The misdirection comes because PmWiki remembers all passwords entered
during a browsing session, and since the admin password was entered
in step 3 above, PmWiki remembers it and therefore doesn't prompt for
a password.

What we need is an easy way to tell PmWiki to "forget all passwords"
without having to close the browser window.  My first thought was
to provide the equivalent of a "Logout" link somewhere on the site.
This can be done fairly easily, but it adds yet-another-item to the 
page display (and an infrequently used one at that), and since
we don't have logins it's not really clear what logging out does.

Now then, when would this "logout" link get used?  For this example,
it would be used right after someone has set a password on a page
and wants to test it.  Thus the obvious place to have PmWiki forget
a session's passwords is when a new password has been set -- i.e.,
at the change attributes form.  Thus someone setting passwords
on pages would always be able to test them without having to
close browser windows.  This is true even if the admin password
has been entered.

I think this resolves a lot of the confusion -- authors who are doing
edits, uploads, and other protected activities still only enter the
password once and it's good for the remainder of the session, while
those who are setting or changing passwords will get prompted for
them for testing purposes.

While I'm at it, I will probably also add an ?action=logout that
also clears session passwords, as an alternate mechanism.

Comments, suggestions?  Anyone see anything I'm overlooking?

Pm
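Added example, not from this post or the PmWiki code base: a minimal PHP model of the behaviour described above, i.e. a session that remembers typed passwords and retries them on each protected action, with the proposed "forget on attribute save" and ?action=logout steps. The password_hash/password_verify storage, the $session array standing in for the PHP session, and the 'passwdattr'/'passwdedit' keys are assumptions; the sample passwords are constructed.

```php
<?php
// Added illustration, not PmWiki's own code: a minimal model of "remember
// passwords for the session" plus the proposed "forget on attribute change".
// $session stands in for $_SESSION so the script runs from the command line.
// Retry every password typed so far this session against a page's hash.
function session_authorizes(array $session, string $hash): bool {
    foreach ($session['authpw'] ?? [] as $pw) {
        if (password_verify($pw, $hash)) {
            return true;
        }
    }
    return false;
}

// Returns true when a remembered or newly typed password matches (a newly
// typed one is remembered for the session); false means "prompt".
function check_access(array &$session, string $hash, ?string $typed): bool {
    if (session_authorizes($session, $hash)) {
        return true;
    }
    if ($typed !== null && password_verify($typed, $hash)) {
        $session['authpw'][] = $typed;
        return true;
    }
    return false;
}

// The proposed ?action=logout: drop everything the session remembers.
function forget_passwords(array &$session): void {
    unset($session['authpw']);
}

// Saving the attributes form stores the new hash and, per the proposal,
// forgets the session's passwords so the new one can be tested at once.
function save_attributes(array &$session, array &$page, string $newPw): void {
    $page['passwdedit'] = password_hash($newPw, PASSWORD_DEFAULT);
    forget_passwords($session);
}

// Walk through the post's six steps with constructed sample passwords.
$session = [];
$adminHash = password_hash('admin-secret', PASSWORD_DEFAULT);
$page = ['passwdattr' => $adminHash, 'passwdedit' => $adminHash];
$show = function (string $step, bool $ok) { echo $step, ': ', $ok ? 'allowed' : 'prompt', "\n"; };

$show('attr, nothing typed', check_access($session, $page['passwdattr'], null));
$show('attr, admin password', check_access($session, $page['passwdattr'], 'admin-secret'));
save_attributes($session, $page, 'edit-secret');           // steps 4-6
$show('edit, nothing typed', check_access($session, $page['passwdedit'], null));
$show('edit, new password', check_access($session, $page['passwdedit'], 'edit-secret'));
```

Without the forget_passwords() call in save_attributes(), the third line of output would report "allowed" because the remembered admin password still unlocks the page, which is exactly the confusion the post describes.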


