[Pmwiki-users] Search & Security

Patrick R. Michaud pmichaud at pobox.com
Tue May 13 22:51:37 CDT 2003


On Tue, May 13, 2003 at 11:13:52PM -0400, Crisses wrote:
> A search probably shouldn't search through pages people don't have access
> to.

Except that there's no real way to determine which pages a person has
access to or doesn't have access to without doing some sort of
authentication first, and that authentication would have to be done
from the search page itself.

I did think about the issue of searching protected pages when implementing 
the original search, but decide to go with displaying the page name anyway
because suppressing them is fairly complex.  In general it falls under
my general strategy that complex or specialized searches should be handled
by custom or specialized search engine software, rather than try to duplicate
those features directly in PmWiki.

Of course, now that we have the potential to search by groups there are
some possibilities for limiting the scope of the search.  I'll be happy
to add an "exclude groups/pages from search" feature to search.php, but
it probably won't be authentication based.  I really think that level of
control is best served by scripts tailored to a site's specific needs.

Pm




More information about the pmwiki-users mailing list