[pmwiki-users] How to restrict auth to secure connections
Michael Brenner
mik.admin at nurfuerspam.de
Fri Aug 18 11:49:33 CDT 2006
A much more rude variant.
take this into config.php and you will see.
echo $_SERVER['REMOTE_ADDR'];//works too
echo $_SERVER['SCRIPT_FILENAME'];
echo $_SERVER['HTTPS'];
if($action=='edit'||$action=='login'){echo 'Access denied</br>';exit();}
Am Donnerstag, 17. August 2006 18:19 schrieb Michael Brenner:
> I think, I understand your question now, you want to block login-form if
> it's requested from insecure source (not https nor localip). Am I right?
>
> Put somehow a condition into Site.AuthForm using
> (:if enabled VAR:) while VAR is a php-variable you set in config.php
> unluckily (:if:) doesn't seem to work the usual way in Site.AuthForm (?)
>
> Am Donnerstag, 17. August 2006 15:17 schrieb Daniel Rubin:
> > Patrick R. Michaud wrote:
> > > On Thu, Aug 17, 2006 at 10:27:06AM +0200, Daniel Rubin wrote:
> > >>Greetings, everyone.
> > >>
> > >>I'd like to restrict authentication to my wiki such that
> > >> * login is only permitted from connections via https or from
> > >> the local network
> > >> * the authentication form is also only shown under these
> > >> circumstances.
> > >>
> > >>Which is the best way to achieve this?
> > >
> > > So, if someone attempts to access a protected resource from a
> > > non-https connection, you want the system to just return a
> > > "forbidden" response, or ...?
> > >
> > > Pm
> >
> > Not exactly. I only want the _login_ to be rejected if it comes from an
> > insecure source.
> >
> > To be precise,
> > (1) AuthUser should not honor any username and password posts
> > (2) instead of the login form it should return a rejection message.
> >
> > Thanks,
> > ----Daniel
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://host.pmichaud.com/mailman/listinfo/pmwiki-users
More information about the pmwiki-users
mailing list