[pmwiki-users] Self registration
pbowers at pobox.com
Thu Jan 22 12:06:30 CST 2009
> -----Original Message-----
> From: pmwiki-users-bounces at pmichaud.com [mailto:pmwiki-users-
> bounces at pmichaud.com] On Behalf Of Eemeli Aro
> 2009/1/21 Patrick R. Michaud <pmichaud at pobox.com>:
> > Until I'm able to see a clearly good decision on this latter point --
> > that is, until it's clear *where* in PmWiki we will store sensitive
> > information such as email addresses -- the rest of the discussion
> > is merely speculation. At least, it's speculation if I'm expected
> > to support its inclusion in the core.
> I'd say that anything sensitive needs to go to SiteAdmin.AuthUser or
> another single location in the SiteAdmin group.
For the last 40 years or so *nix has put identity and authorization
information into either /etc/passwd or /etc/shadow. The default, I believe,
is to have all identity/user-info type information (full name, groups, login
shell, etc) in /etc/passwd and the actual authentication tokens in
/etc/shadow. One could argue that since it's worked well in that context
for decades a similar approach would work well in pmwiki. Kind of a "stand
on their shoulders" approach. I personally would vote for a colon-delimited
list of fields -- just as it currently is in AuthUser except more fields
than just the username and hash. (Do note, however, that the hashed
password can contain a colon so it would need to be the final field in the
list if this approach were used.)
Just a tho't.
Is there an advantage to putting the authentification & user-info type of
data in the profile page? I don't think I've seen an argument on that side
yet although I may have missed it...
More information about the pmwiki-users