[pmwiki-users] Site.AuthList Questions

Tegan Dowling tmdowling at gmail.com
Wed Jun 27 07:01:58 CDT 2007


On 6/27/07, Sivakatirswami <katir at hindu.org> wrote:
>
>
> PMWiki passwords=user unknown.
>
> Well, not exactly... you could still set author required variable
> (I forget out to do that and can't find the variable
> name in the docs any more...).
> which at least forces authors to enter something.




Here's my passwords section (except for configuring uploads, which are below
this section)

// Site passwords

        $PmWikiAdmin = crypt('myadminpassword');
        $PmWikiUser = crypt('mysitewideuserpassword');
        $DefaultPasswords['admin'] = $PmWikiAdmin;
        $DefaultPasswords['attr'] = $PmWikiAdmin;
        $DefaultPasswords['edit'] = $PmWikiUser;
        $HandleAuth['source'] = 'edit';
        $HandleAuth['diff'] = 'edit';
        ##example array of passwords for syntax reference
        #    $DefaultPasswords['whatever'] = array(crypt('alpha'),
crypt('beta'));

    //Require author name -
http://www.pmwiki.org/wiki/Cookbook/RequireAuthor
    $EnablePostAuthorRequired = 1;

    //Author cookie
    include_once("$FarmD/scripts/author.php");
    if($AuthId && !@$_COOKIE[$AuthorCookie]) {
    $Author = $AuthId; setcookie($AuthorCookie,
    $Author, $AuthorCookieExpires, $AuthorCookieDir); }

They could of course mask their true identity. Or someone who got
> hold of a password could spoof a trusted user's identity.
>
> So then the question becomes: can one live
> without being absolutely certain of the author?
>
> I guess the easy path forward is to start with PMwiki passwords only and
> then
> see if a real "business case" emerges that mandates strict user
> authentication.


That's been my approach, and so far such a case hasn't emerged for me.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20070627/2fee44b4/attachment.html 


More information about the pmwiki-users mailing list