[pmwiki-users] pmwiki-2.0.beta29 out, needs testers and feedback
Patrick R. Michaud
pmichaud at pobox.com
Wed Apr 13 08:56:18 CDT 2005
On Wed, Apr 13, 2005 at 09:23:20AM -0400, Crisses wrote:
> >>Does this mean that if a password is "alice" and a username is "alice"
> >>both will be able to see the page?
> >
> >No, not really (at least not as I interpret your question).
>
> The question is:
>
> if the page has "edit id:alice" set as the permission and
>
> username="joe", password="alice"
> and
> username="alice", password="gobbldygook"
>
> will both users access the page with the access set to id="alice"
No, with access set to "id:alice", only alice would be able to access
the page.
With access set to "id:alice alice", then joe would be able to
access the page.
> If we specify whether the permission is password=alice versus
> user=alice, that prevents this problem. In your example -- "id:alice
> glorp" there is no distinction that alice is a user and glorp is a
> password. Username "glorp" can access the page, and password "alice"
> can access the page.
Ah, I see the confusion. In "id:alice glorp", "glorp" is a password
because it's not immediately prefaced with "id:". To specify "glorp"
as a username one would use "id:alice,glorp" or "id:alice id:glorp".
We could potentially introduce a "password:" prefix for specifying
passwords, but that complicates the non-user-based authorization
a fair bit so I'd really prefer not to do that. I want the simple
case to remain simple.
Pm
More information about the pmwiki-users
mailing list