[Pmwiki-users] Re: Uploading and password protecting

Patrick R. Michaud pmichaud
Wed Jun 16 07:22:31 CDT 2004


On Wed, Jun 16, 2004 at 10:05:02AM +0200, Christian Ridderström wrote:
> On Wed, 16 Jun 2004, Steven Leite wrote:
> 
> > I think the idea of having uploaded files in a non-web-accessible
> > directory is a VERY good idea.  This will extend naturally to the idea
> > of password protecting downloads in the same way that we password
> > protect pages.
> 
> The drawback, as you mentioned further down, is that we lose the ability
> to use other tools for browsing uploaded files. 

Not at all.  Just because PmWiki tries to make certain directories
web-inaccessible by default doesn't mean they have to be that way
in order for things to work.  A wikiadministrator is always free to 
open up any directory to the web (and thus the tools that would be 
available from doing so).

The real question is simply "what should the default configuration be?"

> I haven't followed this thread seriously, but is there anything wrong with 
> controlling access by using .htaccess in the upload-directory?

Nothing wrong with it, but here are the arguments against PmWiki using
that as the primary (or only) means of access control to uploads:
  - Some people aren't running Apache, so .htaccess may not be an option
  - Many wikiadmins may not know how to set up .htaccess (*)
  - .htaccess's authentication model is different
  - Since PmWiki provides access-control mechanisms for other features,
    it seems natural that it should provide access-control for uploads
  - It's annoying to have to maintain passwords in two different locations

(*) Even those admins who do know how to set up .htaccess often don't
understand how it works.  About once per month I get email from someone
who is using .htaccess to control access to pmwiki.php and then wonders
why PmWiki's page and group passwords no longer work (answer: because the
HTTP Basic Authentication protocol used by .htaccess and PmWiki only
allows a single password per request).

Pm
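
The footnote's point about one password per request, as an added example that is not part of the original message: a constructed two-layer check in Python in which both a server-side (.htaccess-style) check and the wiki's password check read the same `Authorization` header. The credentials, the function names and the wiki check ignoring the username are assumptions made for illustration.

```python
import base64
import hmac

# Constructed credentials, for illustration only.
HTACCESS_USERS = {"staff": "outer-secret"}  # accepted by the web server layer
PAGE_PASSWORD = "page-secret"               # accepted by the wiki's page check


def basic_header(user, password):
    """Build the single Authorization header value a browser would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic(header):
    """Return (user, password) from a Basic Authorization header, else None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    # Only the first colon separates user from password.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def same(a, b):
    """Constant-time comparison of two strings."""
    return hmac.compare_digest(a.encode(), b.encode())


def server_layer(headers):
    """.htaccess-style check: user and password must match the server's list."""
    creds = parse_basic(headers.get("Authorization"))
    expected = HTACCESS_USERS.get(creds[0]) if creds else None
    return expected is not None and same(creds[1], expected)


def wiki_layer(headers):
    """Wiki check (assumed): only the password field is compared."""
    creds = parse_basic(headers.get("Authorization"))
    return creds is not None and same(creds[1], PAGE_PASSWORD)


def handle(headers):
    """Both layers see the same header, so one pair must satisfy both."""
    if not server_layer(headers):
        return "401 from web server"
    if not wiki_layer(headers):
        return "401 from wiki"
    return "200 OK"
```

With distinct passwords in the two layers, no single header value yields `200 OK`: the pair that passes the server layer fails the wiki layer, and the reverse.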


