On Thu, Mar 15, 2007 at 02:21:32PM -0400, The Editor wrote: > If I read protect a group, will that be sufficient to > > 1) protect its contents from action=diff? > 2) protect its contents from action=source? > 3) Text Vars being read from it onto other pages?
Yes, at least with the core. (I make few guarantees as to what other recipes might do that could allow read-protected content to leak. :-) > Second, what is the best way to encrypt/unencrypt passwords. [...] Normally one does not "unencrypt" passwords. Instead, the way passwords work is that one stores the encrypted form of a password, and to check if an entered password matches the stored one, you simply re-encrypt the entered password and make sure that the resulting encryptions match. This is how crypt-based and md5-based password systems work. (PmWiki uses crypt() for its password encryptions.) Any system that uses two-way encryption functions (i.e., allowing stored passwords to be converted back to unencrypted form) is likely to be insecure unless there's a really good mechanism available for keeping the encryption key(s) secret. And you also have to be prepared to handle the case when the key is lost somehow. (I wouldn't consider storing the key in a config file as being "safe".) Pm _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
