> -----Original Message----- > From: [email protected] [mailto:pmwiki-users- > [email protected]] On Behalf Of Eemeli Aro > > 2009/1/21 Patrick R. Michaud <[email protected]>: > > Until I'm able to see a clearly good decision on this latter point -- > > that is, until it's clear *where* in PmWiki we will store sensitive > > information such as email addresses -- the rest of the discussion > > is merely speculation. At least, it's speculation if I'm expected > > to support its inclusion in the core. > > I'd say that anything sensitive needs to go to SiteAdmin.AuthUser or > another single location in the SiteAdmin group.
I agree. For the last 40 years or so *nix has put identity and authorization information into either /etc/passwd or /etc/shadow. The default, I believe, is to have all identity/user-info type information (full name, groups, login shell, etc) in /etc/passwd and the actual authentication tokens in /etc/shadow. One could argue that since it's worked well in that context for decades a similar approach would work well in pmwiki. Kind of a "stand on their shoulders" approach. I personally would vote for a colon-delimited list of fields -- just as it currently is in AuthUser except more fields than just the username and hash. (Do note, however, that the hashed password can contain a colon so it would need to be the final field in the list if this approach were used.) Just a tho't. Is there an advantage to putting the authentification & user-info type of data in the profile page? I don't think I've seen an argument on that side yet although I may have missed it... -Peter _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
