[pmwiki-users] FAST Membership & newuser.php

The Editor editor at fast.st
Tue Jun 27 13:22:44 CDT 2006


Actually, FAST Membership was only a slight rewrite of Htpasswdform
with the added functionality of allowing new users to create their own
account. So essentially it is the same as Htpasswdform for the other
two functions.  Keeping it as a separate recipe just requires parallel
maintenance done on both of them.

I actually like having the functions in separate recipes, as you do
not have to load up recipe functions you don't use.  I.e., each recipe
is short and sweet, and does just what you want, no more. Speed is an
issue on my site.

There also may be a potential security risk with the multi-function
version.  Suppose some user just happens to pick a password that is
the same as your admin password.  When they go to update their
password, they suddenly get the whole membership list with full
management capabilities. Unlikely, but possible.  If you only allowed
password changing, or new member creation, there is no risk--though of
course they could go to the actual admin interface buried wherever it
might be.

And on a related note, when I'm editing these other pages (new member,
edit password) as an admin, I can't really see what it will look like
to the user.  All I see anywhere is the admin interface.

Just some thoughts.

Cheers,
Caveman




On 6/26/06, Kathryn Andersen <kat_lists at katspace.homelinux.org> wrote:
> On Mon, Jun 26, 2006 at 09:36:59PM -0400, The Editor wrote:
> > Actually, I was thinking about replacing FAST Membership (a 3 in 1
> > recipe) with this single function recipe and encouraging admins to use
> > Htpasswdform for the remaining functions (changing passwords and an
> > admin interface).  It doesn't seem logical to me to have two separate
> > recipes duplicating the same functionality.  Any input on that?
>
> Well, I actually like having the 3-in-1 stuff, because it has the
> functionality I want in one bundle, instead of having to worry about
> multiple recipes made by different people which need separate
> configuration and may not always work together.
>
> Kathryn Andersen
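
The password-collision risk raised in the message above, as an added example that is not part of the original post and is not code from FAST Membership or Htpasswdform: a form handler that picks the view from whichever password matched, beside one that binds the view to the authenticated account's stored role. It assumes a hypothetical handler design; the function names, account names and passwords are all constructed for illustration.

```php
<?php
// Added illustration; not code from FAST Membership or Htpasswdform.
// Constructed sample accounts: "alice" happens to choose the admin's password.
$adminHash = password_hash('tr0ub4dor', PASSWORD_DEFAULT);
$members = [
    'alice' => ['hash' => password_hash('tr0ub4dor', PASSWORD_DEFAULT), 'role' => 'member'],
    'bob'   => ['hash' => password_hash('correct-horse', PASSWORD_DEFAULT), 'role' => 'member'],
    'admin' => ['hash' => $adminHash, 'role' => 'admin'],
];

// Hypothetical multi-function handler: the view depends only on which
// password the submitted value matches, so a member whose password
// collides with the admin password is shown the management view.
function view_by_password(array $members, string $adminHash, string $user, string $pw): string {
    if (password_verify($pw, $adminHash)) {
        return 'admin';
    }
    if (isset($members[$user]) && password_verify($pw, $members[$user]['hash'])) {
        return 'change-password';
    }
    return 'denied';
}

// Role bound to the authenticated account: the password only proves who
// the caller is; the role stored with that account decides the view.
function view_by_account(array $members, string $user, string $pw): string {
    if (!isset($members[$user]) || !password_verify($pw, $members[$user]['hash'])) {
        return 'denied';
    }
    return $members[$user]['role'] === 'admin' ? 'admin' : 'change-password';
}

// Constructed login attempts, run through both handlers side by side.
$attempts = [['alice', 'tr0ub4dor'], ['bob', 'correct-horse'], ['admin', 'tr0ub4dor'], ['bob', 'wrong']];
foreach ($attempts as [$user, $pw]) {
    printf("%-5s password-only: %-15s account-bound: %s\n",
        $user,
        view_by_password($members, $adminHash, $user, $pw),
        view_by_account($members, $user, $pw));
}
```

Because the stored hashes are salted, comparing hashes at signup cannot reveal such a collision, so the check has to be structural: the account, not the password, selects the role.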



