On Fri, Aug 22, 2008 at 6:11 PM, Steve Glover <[EMAIL PROTECTED]> wrote: > Wow. This is looking better and better. I do have one concern, though: > WikiSh depends on SecLayer, which has a status of "Alpha, Experimental".
I leave most of my recipes in an "alpha, experimental" state for quite a while. If I did this full time then I could devote the time necessary to do full testing, but as it is it's just a hobby and so I simply don't do the kind of testing to make me feel I could call it a full release. Probably SecLayer is beyond "Alpha, Experimental" and at least "Alpha" and perhaps "Beta" but I'd rather be cautious... The more people that use it the more confident I feel, but I'm not in any rush... (Hey, I'm following in PM's footsteps who has been running the most solid product in the world to still carry the label "beta" for umpteen years now... :-) ) In the end if you go with either fox or wikiforms you will be using tools which have been around longer and have more people using them and thus more "testers". I feel pretty confident that this WikiSh application will do what you want without difficulties, but it would definitely make sense to look at the other options out there as well... > We're already using UserAuth for fairly fine-grained acces control (four or > five classes of user/editor/admin types with different levels of access to a > similar number of Groups) - if I install SecLayer am I going to have to make > a lot of changes? In terms of what changes you would need to make with UserAuth there should be nothing (although I'll be honest that I've never tested WikiSh under UserAuth -- I only test under the simple password scheme and with authuser enabled). SecLayer is as its name implies: an additional LAYER of SECurity that sits on top of the page-based authorization scheme. It is definitely NOT a substitute for UserAuth. Thus WikISh honors all those authorizations but allows you to "narrow" things further through the use of SecLayer. If you are happy with your UserAuth settings and feel they are secure enough then you could theoretically give full read and full edit access through SecLayer. However, I would advise a more cautious approach just to be on the safe side and allow only what is actually needed. I would suggest putting all those pages that comprise your "database" in a single group (I've used WikiShForms) and then giving it permission as follows: WikiSh.*: read # needed in order to pick up the WikiShForms-GroupRC function definition WikiShForms.*: read, create WikiShForms.Trail: read, create, append Since the main page-writing in this case is done in the "writeptv" MX which is MiscMX rather than WikiSh, it doesn't deal with SecLayer at all and relies solely on authuser. Thus you don't have to give "overwrite" authorization at all. Anyway, that's a long answer, but basically the recommendation is to give what authorization is needed, just to maintain as tight a level of security as is possible. -Peter _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
