[pmwiki-users] PHP 5.3 auth issues [was: Reinstall]

paul badger pbadger at verizon.net
Mon Oct 5 10:45:49 CDT 2009 

I think I may have spoken too soon on this - It 
seems that I was using two numerals for a login, 
which appear to be dissallowed.

Paul








Rogutòs


No joy for clean install.
I did use my config.php file from other, but 
edited it. There are no cookbook lines in it, but 
it doesn't mean I didn't screw something else up. 
I can send you the file if you want.

I've been over security docs and suggestions for 
last hour or so - don't know if I really 
understand it yet but getting there

On authuser  it says:

"This site appears to have the authuser extensions enabled. "
So that part is not broken.

After I set a name and password there, such as

paul: (:encrypt myPassword:)

should I be able to edit the homepage with this login?
Or do I have to set group permissions or somewhere?

Thanks for your help,

paul







>Paul Badger (2009-10-04 22:46):
>>  These lines below seem to have fixed the upload problem with php 5.3.0.
>>
>>  # temprorary workaround for PHP 5.3 login issues
>>  # pmwiki.org/wiki/PITS/01141
>>  $_REQUEST[session_name()]=1;
>>
>>  I did have to set permissions on the upload folders at 777 though.
>>
>>  Any opinions on whether this represents a security issue?
>
>The workaround line shouldn't have any security implications. At least
>not more than running PHP 5.3.0 before the bugs are explained and fixed
>(remember that using workarounds is far from fixing).
>
>Making uploads/ world-writable is what most people do with PmWiki (and
>other webapps that need to write files). Security of this depends
>on your server's configuration.
>
>>  Also authuser functionality now seems to be broken now. ie defined
>>  passwords no longer work.
>>  Would this have been expected?
>
>No, it works here. Could you test whether AuthUser works with a fresh
>install, without any recipes (you can simply unpack PmWiki into
>a separate directory, make wiki.d/ world-writable, enable authuser in
>config.php and copy your password from SiteAdmin.AuthUser)?
>
>--
>--  Rogutòs Sparnuotos
>
>_______________________________________________
>pmwiki-users mailing list
>pmwiki-users at pmichaud.com
>http://www.pmichaud.com/mailman/listinfo/pmwiki-users


_______________________________________________
pmwiki-users mailing list
pmwiki-users at pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users

More information about the pmwiki-users mailing list