[pmwiki-users] Site.AuthList Questions
Tegan Dowling
tmdowling at gmail.com
Wed Jun 27 07:01:58 CDT 2007
On 6/27/07, Sivakatirswami <katir at hindu.org> wrote:
>
>
> PMWiki passwords=user unknown.
>
> Well, not exactly... you could still set author required variable
> (I forget out to do that and can't find the variable
> name in the docs any more...).
> which at least forces authors to enter something.
Here's my passwords section (except for configuring uploads, which are below
this section)
// Site passwords
$PmWikiAdmin = crypt('myadminpassword');
$PmWikiUser = crypt('mysitewideuserpassword');
$DefaultPasswords['admin'] = $PmWikiAdmin;
$DefaultPasswords['attr'] = $PmWikiAdmin;
$DefaultPasswords['edit'] = $PmWikiUser;
$HandleAuth['source'] = 'edit';
$HandleAuth['diff'] = 'edit';
##example array of passwords for syntax reference
# $DefaultPasswords['whatever'] = array(crypt('alpha'),
crypt('beta'));
//Require author name -
http://www.pmwiki.org/wiki/Cookbook/RequireAuthor
$EnablePostAuthorRequired = 1;
//Author cookie
include_once("$FarmD/scripts/author.php");
if($AuthId && !@$_COOKIE[$AuthorCookie]) {
$Author = $AuthId; setcookie($AuthorCookie,
$Author, $AuthorCookieExpires, $AuthorCookieDir); }
They could of course mask their true identity. Or someone who got
> hold of a password could spoof a trusted user's identity.
>
> So then the question becomes: can one live
> without being absolutely certain of the author?
>
> I guess the easy path forward is to start with PMwiki passwords only and
> then
> see if a real "business case" emerges that mandates strict user
> authentication.
That's been my approach, and so far such a case hasn't emerged for me.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20070627/2fee44b4/attachment.html
More information about the pmwiki-users
mailing list