Ok, at cost of you Patrick laugh at me for my naive approach, I'll try and offer my own thoughts on the matter (it took me since yesterday to distill...).
The issue here is: where to store sensitive informations such as passwords and email addresses The straighest approach would be to use a separate plain text file (comparable to .htpasswd) for storing data. In some ways this is a well tested method. But, as things are evolving in the wiki, one might want to let such a text be directly editable, and here comes the SiteAdmin.AuthUser page[1]. As also Peter Bowers recently stated[2], such a page could be used to store identities (as well as groups). Two notes on the matter come to my mind now: a) it could be worth to add some extra fields, something like DokuWiki[3] when a user self-registers. b) issues might arise in case of concurrent edits: what if, while an admin is manually editing the page, somebody self-register? On the whole, such an approach seems sound, just an extension to the current system. A quite different path would be writing/reading sensitive data to/from Profile pages. Granted that nobody is willing to expose personal data by default, I would suggest to put such a string into that part of the wiki page[4] which: - is first scanned, no matter how long any page will be - is not visible to anybody, but still accessible to admins, just in case Thus, let's imagine that Patrick fills-in a form and registers; the system will: - create a Profile.Patrick page - write this string Patrick:$1$wSP2R80i$sJ593ERCmTtjm3Fk26HCV1:Patrick R. Michaud:[email protected] along with other keys. The ctime here will be useful also in order to know when the user subscribed - lock for edits Profile.Patrick with the id/password set to respective owner The whole personal page is then available to its owner to be filled with whatever contents (s)he feels like, kept private, made openly readable to anybody or password protected with a "quick" password to share among friends. Both systems looks good to my newbie eyes. Now, what are the cons of them, please? Luigi ---- [1] http://pmwiki.org/wiki/SiteAdmin/AuthUser [2] http://pmichaud.com/pipermail/pmwiki-users/2009-January/053390.html [3] http://www.dokuwiki.org/auth:plain [4] http://pmwiki.org/wiki/PmWiki/PageFileFormat _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
