[pmwiki-users] Setting DefaultsPasswords via config files
Patrick R. Michaud
pmichaud at pobox.com
Sat Jun 9 10:24:38 CDT 2007
On Fri, Jun 08, 2007 at 06:07:34PM +0200, Christian Bartolomaeus wrote:
> * On 2007-06-08 Patrick R. Michaud (pmichaud at pobox.com) wrote:
> > > Let's say I have a group "GroupA" which I want to be read protected
> > > with password "foo". That password is given to all readers of GroupA.
> > > Since I can't remember all those passwords I use a configuration file
> > > local/GroupA.php with:
> > >
> > > $DefaultPasswords['read'] = crypt('foo');
> >
> > This won't work ... read passwords cannot be set in per-group
> > customization files.
> > [...]
>
> Ahh, I see. So PmWiki couldn't honor read permissions defined that way
> whenever there are references to other groups.
Correct.
> But am I right to assume that "it works" as long as there is just
> plain text all over the wiki (no references to content in other pages
> except links -- in particular no include directives, no page
> variables)?
Someone can still get access to read-protected pages by
specifying fmt=#include as part of a search query. For example,
searching for "name=GroupA.ABC fmt=#include" would enable someone
to view the contents of GroupA.ABC , because GroupA.ABC wouldn't
have a read password on it.
> I will try to add some of the explanation you gave to
> PerGroupCustomizations and PasswordAdmins (maybe in the FAQ section).
> You can clean it up if necessary.
Thanks!
Pm
More information about the pmwiki-users
mailing list