On Nov 12, 2007 11:10 AM, Patrick R. Michaud <[EMAIL PROTECTED]> wrote: > > > It depends on what you mean by "encrypted password". No matter > the form of the password (encrypted or cleartext), anyone who is > able to obtain the authpw= parameter of the url would be able to use > that value to access the RSS feed. > > It is possible, however, to set up RSS-only passwords -- i.e., > passwords that provide access to the RSS feed(s) but not to > anything else. > > Pm > Yeah, but they wouldn't have the actual password, so they wouldn't be able to use the encrypted value for anything but the RSS, right? I mean, you couldn't then use the encrypted value to edit a page, for example.
The nice thing about this approach is that the password may have read access to some (but not all) pages, simply through the usual way. If you create a RSS-only password, how would you ensure that someone with this password only had access to x page and not y or z? You'd have to specify this somehow, and that seems like it'd be duplicating work--unless there was a way to tie it to another (read) password. Jon Haupt _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
