Ok, it is a magic of the internet (and much kindness from him) that Patrick, a super-expert in the matter, engages talks with me, a sub-newbie. I am sorry that I cannot "keep his pace": too much difference in level, skills, attitudes. :-)
That said, I just copy and paste some of his last sentences: > As far as safety, I personally would feel much safer with such a > large password database spread out over many files than in a single > (essentially text) file. > if there are hundreds of user records in > the SiteAdmin.AuthUser page it's more difficult [...]. > If it's in Profile.XYZ then it's easy to locate and manipulate > directly. > Also, SiteAdmin.AuthUser stores more information than just usernames > and passwords, it also stores group memberships. Keeping group > memberships in individual profile pages would also be much simpler. > a small mistake in SiteAdmin.AuthUser can suddenly wipe out lots > of accounts > Apache offers the ability to keep usernames and > passwords in .htpasswd files, but those quickly degrade in performance > as there get to be a larger number of entries. In such cases Apache > recommends moving to something that allows better random-access > rather than sequentially scanning a large .htpasswd file (on every > authentication request). Patrick recently underlined that I quoted wrongly from him (sorry Patrick, I didn't mean to). Now, if I happened to quote right and in the proper context here, I am under the *very* impression that his well-informed experience/knowledge is casting *many* votes to the Profile-based system. Am I wrong? Luigi _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
