[pmwiki-users] ZAPforms ? Set ZAP forms password

The Editor editor at fast.st
Thu Nov 16 09:41:10 CST 2006


On 11/16/06, Jiri Hladůvka / OBUTEX <admin at obutex.com> wrote:
> > You can override this in a local config file by resetting these
> > default variables to whatever you want.
> >
> > SDV($ZAPauth[login], "read");
> > SDV($ZAPauth[forms], "zap");
> > SDV($ZAPauth[plus], "admin");
> I still do not understand what the levels mean. Are they module-wide or
> the SDV($ZAPauth[login], "read"); has any meaning using ZAPlogin ?
> I am really confused a bit now as I have no idea what permisions are given
> by SDV($ZAPauth[plus], "admin");

If you set $ZAPauth[login] = "admin"; in a config file, that means the
login features will only be available if the user has admin
permissions for that page.  Not very realistic, but it's what you
could do.  More to the point the regular forms features are available
to anyone that can zap a form (normally id:*) and the plus features
are available to anyone with "admin" status.  Meaning you would have
to override them with a lockpattern if you want others to use these
features.

Though I haven't set it up this way you could also have $ZAPauth[chat]
or $ZAPauth[mail] which would determine what level of permissions
those modules require.

ZAP has extra security BECAUSE it is so powerful.  However I've tried
to also make it simple.  If you do nothing and just use the default
settings, you have very conservative and reasonable safety features.
Basically, anyone can login, any authenticated user can save data, and
the advance features are only available to members if the form has a
lock pattern. If you read the ZAPsecurity page and just skip down to
the last couple lines (the summary) it says all you really need to
know:

Summary: Don't worry about security with ZAP. Just remember to set a
lock pattern if you are using plus features, or you want to give
unauthenticated users something besides a login form.


> Now I prefer to leave the ZAP features untill a good documentation
> is released as I don't feel well if I cannot understand what I am doing.
> I will keep them only in my intranet where the sensual information stay
> "in the house".
>
> Anyway I am looking forward to the documentation as I love the possibilities
> given by ZAP.

I'm not sure how to make the documentation any more clear.  But if you
have suggestions, I'm open to it.  I'll be putting commenting on all
the zap documentation and snippet pages so users can post questions
and answers/explanations as well. Maybe we can make this a bit more of
a community project as ZAP was kind of a huge job for one person.

Cheers,
Caveman


More information about the pmwiki-users mailing list