On Thu, Jan 22, 2009 at 08:50:54PM +0100, [email protected] wrote: > > having all of the information on the SiteAdmin.AuthUser page can > > make it very cluttered for an admin to view/modify; putting > > info in profile page (with pagelist commands for displaying > > summary) keeps SiteAdmin.AuthUser itself clean > > Yes, but: > a) just like one can write a pagelist to extract data from different > Profile pages, couldn't one with about the same ease put together a > few lines of code to tidy extract (and, why not, handle) data > extracted from SiteAdmin.AuthUser?
This misses the point I was aiming at. At some point an administrator may need to manipulate SiteAdmin.AuthUser directly (e.g., to remove someone's account), and if there are hundreds of user records in the SiteAdmin.AuthUser page it's more difficult to do this. If it's in Profile.XYZ then it's easy to locate and manipulate directly. Also, SiteAdmin.AuthUser stores more information than just usernames and passwords, it also stores group memberships. Keeping group memberships in individual profile pages would also be much simpler. > b) Let's imagine we have 10000 users: would a (:pagelist:) work in > gathering data from Profiles? Or would it be easier to store 10000 > lines in one file? I have no experience, but maybe the second is > safer? With 10,000 users, I would think that storing information separately would be far more important. Granted, (:pagelist:) might be slow or impossible in that case, but getting a complete list of user accounts is also rare. And at least the (:pagelist:) version would give you the option of selecting records based on some criteria, while we'd need some very custom code to extract individual entries from AuthUser. Put another way: Apache offers the ability to keep usernames and passwords in .htpasswd files, but those quickly degrade in performance as there get to be a larger number of entries. In such cases Apache recommends moving to something that allows better random-access rather than sequentially scanning a large .htpasswd file (on every authentication request). As far as safety, I personally would feel much safer with such a large password database spread out over many files than in a single (essentially text) file. > > a small mistake in SiteAdmin.AuthUser can suddenly wipe out lots > > of accounts > > Same as it is right now, isn't it? > There is no way to setup some redundancy of any kind? My message was in response to the question of "why would storing user information in profile pages be better"; while a small mistake in SiteAdmin.AuthUser could wipe out the entire database -- a small mistake in a user's profile page would affect only that one user. Pm _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
