Yes, I have checked it. Now I think that it is AuthUser configuration. Maybe this problem is not a big deal, but I think sometimes some admins are annoyed about it...<br><br>
<div><span class="gmail_quote">On 8/11/06, <b class="gmail_sendername">Tegan Dowling</b> <<a href="mailto:tmdowling@gmail.com">tmdowling@gmail.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Do you have in your config.php:<br><br> include_once("$FarmD/scripts/authuser.php");<br><br>?<br>
<br>On 8/11/06, 1 2 <<a href="mailto:vanship85@gmail.com">vanship85@gmail.com</a>> wrote:<br>><br>> Sorry that maybe I misunderstand what is the default configuration. I will<br>> give an example,<br>><br>
> I set in local/config.php that<br>> $DefaultPasswords['admin'] = crypt('123456');<br>><br>> And I follow the instruction that in Site.AuthUser, I add a line as<br>> alice: (:encrypt wonderland:)<br>><br>
> and save it to create an account. Then I edit the attributes of a page, add<br>> the following line in the edit password box,<br>> id: alice<br>><br>> Of course next time when I edit the page, it prompts a login page with Name
<br>> and Password box. I try alice:wonderland and it is ok. But when I try<br>> alice:123456(the default passwords of admin), it is also ok. Even when I try<br>> bob:123456, it is still ok. I think it is a problem that if a user's
<br>> password happens to be the admin's, he will get the whole privileges<br>> even if he does not know he becomes an admin.<br>><br>> On 8/11/06, Tegan Dowling <<a href="mailto:tmdowling@gmail.com">tmdowling@gmail.com
</a>> wrote:<br>> ><br>> On 8/11/06, 1 2 <<a href="mailto:vanship85@gmail.com">vanship85@gmail.com</a>> wrote:<br>> > On 8/11/06, Tegan Dowling < <a href="mailto:tmdowling@gmail.com">tmdowling@gmail.com
</a>> wrote:<br>> > ><br>> > >On 8/11/06, 1 2 <<a href="mailto:vanship85@gmail.com">vanship85@gmail.com</a>> wrote:<br>> > > ><br>> > > > Hi. I set up my pmwiki and set a page to be only edited by some users.
<br>> But<br>> > > > if I provide the admin's password in the password box, I will be able<br>> to<br>> > > > login and edit this page regardless of the username I provide in the<br>> > > > username box. It seems that the default admin password does not
<br>> require a<br>> > > > user name. I think this may cause security problems. How to solve this<br>> > > > problem?<br>> > ><br>> > > What security setup are you using - AuthUser, or UserAuth, or just the
<br>> > > default configuration?<br>> ><br>> > Default configuration<br>><br>> Then I'm puzzled - typically the authorization form for the default<br>> configuration doesn't include a field for username - it just has the
<br>> single field for password. Does your login page have both? OR when<br>> you refer to "the username I provide in the username box", do you mean<br>> the Author name that you supply when you edit?<br>
><br>> I think you're probably discovering-by-using the basic way that this<br>> is supposed to work. The admin password is intended to over-ride all<br>> others. Administrators need to understand this so that they know not
<br>> to give it to anyone who should not have 'god-like powers'.<br>><br>> If you've given the admin password to someone who shouldn't have admin<br>> access to the wiki, you may want to change the admin password.
<br>><br>> Am I understanding and addressing your situation and question?<br>><br></blockquote></div><br>
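One way to keep a shared admin password from working with any username, shown as an added example that is not part of the original thread or PmWiki's own code: tie the admin level to AuthUser identities in local/config.php. The account name `siteadmin` and the `@admins` group are assumptions for illustration and would have to exist in Site.AuthUser.

```php
<?php if (!defined('PmWiki')) exit();
// local/config.php -- added example, not from the original thread.

// Before (the setting quoted in the thread): a site-wide admin password.
// As reported above, the login form accepts it with any username, so
// bob:123456 and alice:123456 both end up with admin rights.
// $DefaultPasswords['admin'] = crypt('123456');

// After: no password-only admin. Admin rights are granted only to a
// session authenticated as a listed AuthUser account.
// 'siteadmin' is a hypothetical account defined in Site.AuthUser.
$DefaultPasswords['admin'] = 'id:siteadmin';

// Alternative: grant admin to a group instead of a single account.
// Assumes a group line such as "@admins: siteadmin" in Site.AuthUser.
// $DefaultPasswords['admin'] = '@admins';

// AuthUser include, as quoted in the thread.
include_once("$FarmD/scripts/authuser.php");
```

With this in place, a page restricted with `id: alice` can no longer be opened by typing another name with the admin password, because no admin password exists to match.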