Oops, didn't send to the list.
On 10/22/2016 9:53 PM, Petko Yotov wrote:
For stats close to the real life usage, you might enable cookies in
curl, like most real users will have cookies allowed. The session data
for authentication is stored, and the key is send to a browser cookie.
I tried this, with some interesting results. With $AllowPassword =
false, my page load times went back to what I would expect (55ms or
so).
When I edit a page, the expected password hashing is done to verify my
edit password.
Then when I go back, say to the homepage which has no password, it
still checks passwords, even when the site, group or page doesn't have
a read password which needs to be checked.
Do you again mean that pmcrypt() is called?
PmWiki will always try to read the current page as well as the
GroupAttributes page if it exists, and check their passwords. Opening
the files from the disk will require a few milliseconds, but if no
"passwdread" attributes are present, there shouldn't be a need to call
pmcrypt().
I've modified my pmcrypt by adding this line at the top:
echo "str=$str salt=$salt<br>\n";
Now I'll use curl and go to main.HomePage.
curl -b jar -c jar "http://localhost:8081/pmwiki.php?n=Main.HomePage"; >out
No pmcrypt here. Great. Now let's edit a page (it hasn't set the cookie
yet):
curl -b jar -c jar
"http://localhost:8081/pmwiki.php?n=Main.test&action=edit"; -d
authpw=secret >out
In out, I see:
str=secret
salt=$2y$10$3fQco9ikY9t5EEGPizr5jeHOmpnr0H5QtOkLSABZRSK1jD3.m01Wi<br>
str=secret
salt=$2y$10$3fQco9ikY9t5EEGPizr5jeHOmpnr0H5QtOkLSABZRSK1jD3.m01Wi<br>
It's calling pmcrypt against both the edit and admin passwords. In this
case, they're the same.
This is the edit page, with the textarea; now let's go home again.
curl -b jar -c jar "http://localhost:8081/pmwiki.php?n=Main.HomePage"; >out
Another 2 calls to pmcrypt.
str=secret
salt=$2y$10$3fQco9ikY9t5EEGPizr5jeHOmpnr0H5QtOkLSABZRSK1jD3.m01Wi<br>
str=secret
salt=$2y$10$3fQco9ikY9t5EEGPizr5jeHOmpnr0H5QtOkLSABZRSK1jD3.m01Wi<br>
Even though none are needed; no passwords are protecting this page.
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
