[pmwiki-users] a spammed wiki can look like this :-) - protect your wiki!

Radu radu at monicsoft.net
Sat Mar 5 12:36:16 CST 2005


At 07:24 PM 3/4/2005, Patrick R. Michaud wrote:
>   For example, if it's a group password
>that is restricting access to a feature, then the password
>prompt will say something like "Password required by group XXX"
>or "Password required by site default" instead of simply
>"Password required".  This way others (especially administrators)
>can see more clearly what the password system is doing and
>how to correct it.

How about "[Edit|Admin|Show] password required [for [this page|group 
XXX|this wikisite]]"

>(Perhaps the button or marker that indicates that
>a password has been set can also be a link to clear it.
>Somehow I don't like that.)

Button/icon ideas (probably already fielded by others)
edit(pad with pencil)
show(eye)
admin(couple of checkboxes in a square)
All icons would be visible at all times, but when password is active, a 
lock with a letter on it would show up (p for page password, g for group 
password, s for site-wide) that makes a total of 12 gifs.

I'm going to add these to the skin I'm currently using and then ask Hans 
for permission to post it in the skins area.

>While we're at it, we ought to come up with a clearer
>mechanism that does what "nopass" does -- i.e., allow
>access to do something in spite of a group-wide or
>site-wide password that would normally restrict it.

Yeah, this was unclear to me too.

As for the authorization/authentication split present in PmWiki, I want to 
cast my vote for it. Makes for easier admin of sites with groups of people 
who trust each other.

However, for open wikis, I can see the need to integrate the two As into a 
login.

Maybe they should be two modules that people pick: A/A and Login.

>PmWiki's current password system performs authorization without
>authentication

Naw, it merely separates them, as any civilized social group would:
Authorize is handled by passwords (very flexible system - I love it!)
Authenticate is handled by the Author field/IP number

>     user:Bob mysecret user:-Mallory
>
>will mean that Bob is granted access, as well as anyone
>who knows the password "mysecret", but never Mallory.
>(If Mallory is logged in and knows the authorization password,
>she is still denied access to the page -- she must log out in
>order to edit the page.)

Great and useful, but hard to keep track of if you'll still allow per-page 
and per-group settings. It adds a new dimension (user) to the already 3D 
password matrix.

>Eventually I know some sites will want to be able to establish
>groups of authenticated users and be able to specify access
>controls such as "group:editors" or "group:admins", but I'm
>saving that for a later revision.

5th dimension. And the matrix becomes sparse. Aw! poor admins :)


Cheers,
Radu
(www.monicsoft.net) 
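
The proposed `user:Bob mysecret user:-Mallory` rule quoted above, evaluated in an added Python sketch that is not PmWiki code and not part of the original message. The function names, the page-over-group-over-site precedence and the plaintext password tokens are assumptions made for illustration.

```python
import hmac

# Assumed precedence: the most specific level that sets a rule wins.
LEVELS = ("page", "group", "site")


def effective_rule(rules):
    """Return (level, rule) for the first level in LEVELS with a non-empty rule."""
    for level in LEVELS:
        rule = rules.get(level, "").strip()
        if rule:
            return level, rule
    return None, ""


def check_access(rule, user=None, password=None):
    """Evaluate one rule string; user is None for a visitor who is not logged in."""
    tokens = rule.split()
    if not tokens:
        return True  # nothing restricts this action
    denied = {t[len("user:-"):] for t in tokens if t.startswith("user:-")}
    allowed = {t[len("user:"):] for t in tokens
               if t.startswith("user:") and not t.startswith("user:-")}
    passwords = [t for t in tokens if not t.startswith("user:")]
    if user is not None and user in denied:
        return False  # explicit deny beats a known password
    if user is not None and user in allowed:
        return True
    if password is None:
        return False
    # Constant-time comparison; a real site would compare hashes, not plaintext.
    return any(hmac.compare_digest(password.encode(), p.encode()) for p in passwords)


def decide(rules, user=None, password=None):
    """Return (granted, level); level names the restricting scope when denied."""
    level, rule = effective_rule(rules)
    if check_access(rule, user, password):
        return True, None
    return False, level


if __name__ == "__main__":
    # Constructed sample: no page rule, a group rule and a site-wide password.
    sample = {"page": "", "group": "user:Bob mysecret user:-Mallory", "site": "sitepw"}
    for who, pw in [("Bob", None), ("Mallory", "mysecret"), (None, "mysecret"), (None, "sitepw")]:
        print(who, pw, decide(sample, user=who, password=pw))
```

The third sample case is the logged-out path from the quoted text: the `user:-Mallory` entry only binds an authenticated session, so the shared password still grants access to an anonymous visitor. The returned level is what a prompt such as "Password required by group XXX" would report.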



