On 10/21/2016 1:15 AM, Petko Yotov wrote:
> I have made a change in subversion that will allow you to skip the
> checking for the "nopass" password with the next version.
Thanks. That seems to work. Thinking about this a bit more, it might be
masking an underlying problem. I think passwords are checked when they
don't need to be.
> If I understand correctly, one could set to 'nopass'
> $DefaultPasswords['admin'] or $DefaultPasswords['upload'] to allow
> anyone to edit everywhere or to upload. But this is probably unneeded on
> the vast majority of the websites running on PmWiki.
>
The way I understood it from the documentation was that nopass was used
as an edit password to allow unprotected editing of a page whose group
had an edit password, or for editing of a group protected by a site
password, or unprotecting a page otherwise protected by a password.
> For stats close to the real life usage, you might enable cookies in
> curl, like most real users will have cookies allowed. The session data
> for authentication is stored, and the key is send to a browser cookie.
I tried this, with some interesting results. With $AllowPassword =
false, my page load times went back to what I would expect (55ms or so).
When I edit a page, the expected password hashing is done to verify my
edit password.
Then when I go back, say to the homepage which has no password, it still
checks passwords, even when the site, group or page doesn't have a read
password which needs to be checked.
Not really a problem since I'll most likely end up using a local
non-password-protected wiki, but still interesting.
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
