[pmwiki-users] Problem with securing my website using login for updating

IchBin weconsul at ptd.net
Thu Jan 11 17:31:43 CST 2007


IchBin wrote:
> This has never happened before but here goes. I just moved my website to 
> a new hosting site. I just entered a bad admin login name and correct 
> password. It let me open up that page for editing. So I tried to enter a 
> makeup userid and makeup password. It let me open up the editor for 
> editing that page. I am not sure how this is happening.
> 
> I just noticed that I had 30 user on my website. I just put a .htaccess 
> file in the root to block anyone until I get this problem fixed.
> 
> Nothing have changed I have this:
> 
> - this in my config:
> 	$DefaultPasswords['admin']='$1$Pw1cjg06$9VgqESpEGt1WLCJPgr/3J.';
> 	$DefaultPasswords['attr']= '$1$Pw1cjg06$9VgqESpEGt1WLCJPgr/3J.';
> 	$DefaultPasswords['edit']= '$1$Pw1cjg06$9VgqESpEGt1WLCJPgr/3J.';
> 	$HandleAuth['diff'] = 'edit';
> 
> - authuser plugin
> 
> The only thing I can think of is that per a question I had here the 
> other day in another thread "Problems adding my pmWiki to a different ISP".
> 
> I modify the permissions of wiki.d/ so they're 777 instead of 775.
> 
> 
I am running pmwiki-2.2.0-beta19  Version Num 2001919

-- 
Thanks in Advance...           http://weconsul.zendurl.com
IchBin, Pocono Lake, Pa, USA   http://ichbinquotations.awardspace.com
______________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)





More information about the pmwiki-users mailing list