[pmwiki-users] Performance problems with passwords

Tyler Spivey tspivey at pcdesk.net
Sun Oct 23 00:21:40 CDT 2016


Oops, didn't send to the list.
On 10/22/2016 9:53 PM, Petko Yotov wrote:
>>> For stats close to the real life usage, you might enable cookies in
>>> curl, like most real users will have cookies allowed. The session data
>>> for authentication is stored, and the key is send to a browser cookie.
>>
>> I tried this, with some interesting results. With $AllowPassword =
>> false, my page load times went back to what I would expect (55ms or
>> so).
>> When I edit a page, the expected password hashing is done to verify my
>> edit password.
>> Then when I go back, say to the homepage which has no password, it
>> still checks passwords, even when the site, group or page doesn't have
>> a read password which needs to be checked.
>
> Do you again mean that pmcrypt() is called?
>
> PmWiki will always try to read the current page as well as the
> GroupAttributes page if it exists, and check their passwords. Opening
> the files from the disk will require a few milliseconds, but if no
> "passwdread" attributes are present, there shouldn't be a need to call
> pmcrypt().
>


I've modified my pmcrypt by adding this line at the top:
    echo "str=$str salt=$salt<br>\n";
Now I'll use curl and go to main.HomePage.
curl -b jar -c jar "http://localhost:8081/pmwiki.php?n=Main.HomePage" >out
No pmcrypt here. Great. Now let's edit a page (it hasn't set the cookie 
yet):
curl -b jar -c jar 
"http://localhost:8081/pmwiki.php?n=Main.test&action=edit" -d 
authpw=secret >out
In out, I see:
str=secret 
salt=$2y$10$3fQco9ikY9t5EEGPizr5jeHOmpnr0H5QtOkLSABZRSK1jD3.m01Wi<br>
str=secret 
salt=$2y$10$3fQco9ikY9t5EEGPizr5jeHOmpnr0H5QtOkLSABZRSK1jD3.m01Wi<br>

It's calling pmcrypt against both the edit and admin passwords. In this 
case, they're the same.

This is the edit page, with the textarea; now let's go home again.
curl -b jar -c jar "http://localhost:8081/pmwiki.php?n=Main.HomePage" >out
Another 2 calls to pmcrypt.
str=secret 
salt=$2y$10$3fQco9ikY9t5EEGPizr5jeHOmpnr0H5QtOkLSABZRSK1jD3.m01Wi<br>
str=secret 
salt=$2y$10$3fQco9ikY9t5EEGPizr5jeHOmpnr0H5QtOkLSABZRSK1jD3.m01Wi<br>

Even though none are needed; no passwords are protecting this page.




More information about the pmwiki-users mailing list