On 6/27/07, Sivakatirswami <[EMAIL PROTECTED]> wrote:
PMWiki passwords=user unknown.
Well, not exactly... you could still set author required variable
(I forget out to do that and can't find the variable
name in the docs any more...).
which at least forces authors to enter something.
Here's my passwords section (except for configuring uploads, which are below
this section)
// Site passwords
$PmWikiAdmin = crypt('myadminpassword');
$PmWikiUser = crypt('mysitewideuserpassword');
$DefaultPasswords['admin'] = $PmWikiAdmin;
$DefaultPasswords['attr'] = $PmWikiAdmin;
$DefaultPasswords['edit'] = $PmWikiUser;
$HandleAuth['source'] = 'edit';
$HandleAuth['diff'] = 'edit';
##example array of passwords for syntax reference
# $DefaultPasswords['whatever'] = array(crypt('alpha'),
crypt('beta'));
//Require author name -
http://www.pmwiki.org/wiki/Cookbook/RequireAuthor
$EnablePostAuthorRequired = 1;
//Author cookie
include_once("$FarmD/scripts/author.php");
if($AuthId && [EMAIL PROTECTED]) {
$Author = $AuthId; setcookie($AuthorCookie,
$Author, $AuthorCookieExpires, $AuthorCookieDir); }
They could of course mask their true identity. Or someone who got
hold of a password could spoof a trusted user's identity.
So then the question becomes: can one live
without being absolutely certain of the author?
I guess the easy path forward is to start with PMwiki passwords only and
then
see if a real "business case" emerges that mandates strict user
authentication.
That's been my approach, and so far such a case hasn't emerged for me.
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
