[pmwiki-users] Include Password in URL string to access protected pages
christian.ridderstrom at gmail.com
christian.ridderstrom at gmail.com
Thu Jun 28 02:19:45 CDT 2007
On Wed, 27 Jun 2007, Patrick R. Michaud wrote:
> If you're using curl as a command-line tool, try the -d option:
>
> curl -d authpw=banana http://my.wiki.org/ProtectedGroup.DataPage
>
> This generates a POST request for the page, exactly as if someone
> had filled in the authorization form.
I added this to
http://pmwiki.org/wiki/PmWiki/EditingAPI
it's not an ideal location, but at least something.
Is this the recommended way of doing it with 'curl'?
/Christian
>
> This can also be done with the password as part of the url, but be aware
> that the password will appear (in cleartext) in the server logs
> as part of the request string. If you're okay with that, then you
> can do a local customization like:
>
> if (@$_GET['authpw']) SDV($_POST['authpw'], $_GET['authpw']);
>
> This allows passwords to come from url strings as well as forms.
> Then a url like the following should work:
>
> http://my.wiki.org/ProtectedGroup.DataPage?authpw=bananas
>
> No need to go through a separate "log in" step, just provide the
> password as part of the request.
>
> Pm
>
--
Christian Ridderström, +46-8-768 39 44 http://www.md.kth.se/~chr
More information about the pmwiki-users
mailing list