On Apr 7, 2009, at 8:44 AM, John Hampton wrote:

>
> Noah Kantrowitz wrote:
>> If they have no password backend configured, not form-based auth. No
>> need for extra options.
>
> ATM, it uses the SessionStore backend as a default. One need not
> configure anything to have it work.
>
> I suppose that we could have initenv set this default (along with
> prompting for a TRAC_ADMIN username and password).

That's a very bad default. If anything it should be using htpasswd as a default. SessionStore is an optimization only for the largest of sites where updating the password file becomes a concurrency issue. No one else should ever use it, period. I would make it use htpasswd (with conf/passwd as the file) at initenv, and then make it so if you blank the config value for the backend it disables the form.

--Noah
