[pmwiki-users] Problem with securing my website using login for updating
IchBin
weconsul at ptd.net
Fri Jan 12 12:57:32 CST 2007
IchBin wrote:
> IchBin wrote:
>> This has never happened before but here goes. I just moved my website to
>> a new hosting site. I just entered a bad admin login name and correct
>> password. It let me open up that page for editing. So I tried to enter a
>> makeup userid and makeup password. It let me open up the editor for
>> editing that page. I am not sure how this is happening.
>>
>> I just noticed that I had 30 user on my website. I just put a .htaccess
>> file in the root to block anyone until I get this problem fixed.
>>
>> Nothing have changed I have this:
>>
>> - this in my config:
>> $DefaultPasswords['admin']='$1$Pw1cjg06$9VgqESpEGt1WLCJPgr/3J.';
>> $DefaultPasswords['attr']= '$1$Pw1cjg06$9VgqESpEGt1WLCJPgr/3J.';
>> $DefaultPasswords['edit']= '$1$Pw1cjg06$9VgqESpEGt1WLCJPgr/3J.';
>> $HandleAuth['diff'] = 'edit';
>>
>> - authuser plugin
>>
>> The only thing I can think of is that per a question I had here the
>> other day in another thread "Problems adding my pmWiki to a different ISP".
>>
>> I modify the permissions of wiki.d/ so they're 777 instead of 775.
>>
>>
>
>
> I am running pmwiki-2.2.0-beta19 Version Number 2001919
>
> The website, that I FTP'ed to the new Host site at weconsul.zendurl.com,
> is working on my windows pc. The page login is checking correctly.
>
Maybe I can get some one to respond to this thread with this information.
I have had a site up for at least six months. It is currently running
pmwiki-2.2.0-beta18 Version Number 2001918. I have an 'admin' userid. If
I enter 'jsndcipadmin12jsad' for my *userid* and the correct password it
opens the screen for editing. So the check for userid passed because it
happen to have 'admin' embedded in that made-up userid.
More importantly, my general question for my other website is, what lets
anyone enter anything into a USERID and PASSWORD for 'EDIT' which open
up a edit panel for that page? This is what I am asking in this thread.
--
Thanks in Advance... http://weconsul.zendurl.com
IchBin, Pocono Lake, Pa, USA http://ichbinquotations.awardspace.com
______________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)
More information about the pmwiki-users
mailing list