[pmwiki-users] Newbie has been hi-jacked

Patrick R. Michaud pmichaud at pobox.com
Thu Mar 22 18:11:56 CDT 2007


On Fri, Mar 23, 2007 at 12:05:41AM +0100, Stéphane Heckel wrote:
> "Ben Wilson" wrote :
> 
> > [1]: http://pmwiki.org/wiki/PmWiki/Security
> > [2]: http://pmwiki.org/wiki/PmWiki/AuthUser
> 
> Any chance to authorize a named domain only to access the pmwiki site ?
> ie : $EnableDomain = "acme.com"
> => only people from the ACME company can access the site

If the webserver provides a resolved domain name, then yes, it
can be done.  But most webservers tend to have DNS resolution
turned off for performance reasons.

However, one can also limit access based on IP address ranges.
For example, to set a password only if the browser is coming
from a host outside of the 192.168.1.x address range:

    if (substr($_SERVER['REMOTE_ADDR'],0,10) != '192.168.1.')
      $DefaultPasswords['edit'] = crypt('something');

Thus, anyone accessing from a 192.168.1.x address can edit
without being prompted for a password -- everyone else has
to know the password to get access.

To completely block access based on domain name (as opposed
to blocking specific actions), it's often better to do it
at the webserver level, e.g., as Allow or Deny directives in
a .htaccess file.

Pm
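
An added example, not part of the message above and not PmWiki's own code: the same address test done by CIDR matching on packed bytes instead of a string prefix, so the range boundary is exact and ranges such as a /25 or an IPv6 prefix can be expressed. `ip_in_cidr()`, `from_trusted_net()` and `$TrustedNets` are hypothetical names, and the sample addresses are constructed.

```php
<?php
// Added example: not from the original post, and not PmWiki code.
// ip_in_cidr(), from_trusted_net() and $TrustedNets are hypothetical names.

// True if $ip lies inside $cidr ("192.168.1.0/24", "fd00::/8", or a bare address).
// Works on packed bytes, so the boundary is exact at any prefix length.
function ip_in_cidr($ip, $cidr) {
  $parts = explode('/', $cidr, 2);
  $addr = @inet_pton($ip);
  $net  = @inet_pton($parts[0]);
  // Unparsable input or an IPv4/IPv6 mismatch never matches.
  if ($addr === false || $net === false || strlen($addr) !== strlen($net))
    return false;
  $maxbits = strlen($net) * 8;
  $bits = isset($parts[1]) ? $parts[1] : (string)$maxbits;
  if (!preg_match('/^\d{1,3}$/', $bits) || (int)$bits > $maxbits) return false;
  $whole = (int)$bits >> 3;   // full bytes covered by the prefix
  $rem   = (int)$bits & 7;    // leftover bits in the next byte
  if (substr($addr, 0, $whole) !== substr($net, 0, $whole)) return false;
  if ($rem === 0) return true;
  $mask = (0xFF << (8 - $rem)) & 0xFF;
  return (ord($addr[$whole]) & $mask) === (ord($net[$whole]) & $mask);
}

// True if $remote is in any of the trusted networks.
function from_trusted_net($remote, $nets) {
  foreach ($nets as $cidr)
    if (ip_in_cidr($remote, $cidr)) return true;
  return false;
}

$TrustedNets = array('192.168.1.0/24');   // the range used in the post

// In local/config.php the post's test would become:
//   if (!from_trusted_net($_SERVER['REMOTE_ADDR'], $TrustedNets))
//     $DefaultPasswords['edit'] = crypt('something');

// Constructed sample addresses, for checking the matcher from the command line.
foreach (array('192.168.1.77', '192.168.10.5', '10.0.0.1', '::1', 'garbage') as $ip)
  printf("%-14s %s\n", $ip,
         from_trusted_net($ip, $TrustedNets) ? 'no password' : 'password required');
```

If the wiki sits behind a reverse proxy or load balancer, `REMOTE_ADDR` is the proxy's address, so every visitor would appear to come from the same host and the test has to be made where the real client address is known.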


