[Pmwiki-users] Re: Default Passwords

Hans Bracker design
Fri Dec 17 02:34:57 CST 2004


Friday, December 17, 2004, 3:15:33 AM, PM wrote:
> Yes, but you can also remove the attr password by setting the attr password
> to "clear" in the ?action=attr form.  (If your response to that is "okay,
> but how can I use ?action=attr if the attr password is locked, the
> answer is to use the admin password. :-)

Then perhaps an admin password should be set as a default option, or in
sample-config there should be an entry for the admin password, if not
for all the other default passwords as well, commented out?

>> ... Is there a way to make GroupAttributes more secure?

> Sure, the solution I had in mind was to simply say that "attr"
> privileges are required in order to delete a page instead of just
> "edit" privileges.  

I hope not for deletion of any normal page, since authors often have
to delete a page, but just have attr privileges in order to delete
the GroupAttribute page. But why should it be possible to delete this
special container page anyway, would it not be better to prevent any
deletion of it?


Best,
 Hans                           




More information about the pmwiki-users mailing list