[Pmwiki-users] Easily Hackable?

H. Fox haganfox
Sat Apr 3 17:36:04 CST 2004 

Patrick R. Michaud wrote:
> On Sat, Apr 03, 2004 at 02:34:26PM -0700, H. Fox wrote:
>
>> I'm not experienced enough to have a definitive answer.  I was
>> thinking along this line:  You could treat a HtGroup as a
>> pseudo-user and do it however its done now... if that makes any
>> sense.
> 
> Re: "...do it however it's done now..."
> 
> I think the point I'm trying to make (perhaps ineffectively) is that
>  it's *not* being done now-- PmWiki doesn't have a way to authorize 
> access to pages based on a user's identity.

Your explanation is more than adequate.  I hadn't explored far enough to 
know how access controls work, so I was making some assumptions.

>  PmWiki authorizes access
> to pages based on what a user knows--i.e., a shared secret of some
> sort. Most of the postings I've seen related to the topic of
> user-based control seem to focus on the issue of solving user
> authentication (easy), but then hand-wave the issue of mapping user
> identity to allowable actions as being a trivially or already solved
> problem, which it's not.
> 
> Of course, if one is willing to accept that access should be of the
> all-or-nothing type (an authenticated user is either allowed to 
> edit/access any page or none at all), then it becomes an
> easy-to-solve problem.  But I suspect that people will really want to
> be able to limit access to groups, pages, or operations based on user
> identity, and I'm having trouble seeing what the admin-interface for
> such a system should look like.
> 
> (K. Zadorozhny proposes one possibility in
> http://www.pmichaud.com/pipermail/pmwiki-users_pmichaud.com/2004-April/004138.html
> but I'm not sure how I feel about the interface yet.)

FWIW, here are some thoughts.

First I'd like to see if I understand how it works now....

[For the sake of simplicity I'll refer to a "page", and assume that a 
WikiGroup's main page (where $Title == $Group) specifies the default 
behavior for all pages in the group unless overridden individually.]

A page has attributes, accessible by /Group/Page?action=attr

On that page you can set (page-specific) *default* passwords to
- read,
- edit,
- change attributes, and
- upload (if uploading is enabled for the site).

In order to do one of those actions on that page, you would either need 
to know
- the page-specific password for that action on that page, or
- the config.php password for the action.

Now, here are some thoughts on access controls...

- Each page would have a list of users.
- A page's user list may be modified by those who  know the
   "attribute" password for the page.
- Each user has enable/disable settings for each action.

It might look like this:

                 read     edit    attribute   upload
Admin             x       x         x          x
Default           x
Pebbles           x       x                    x
Bam-Bam           x
Barney            x       x
Wilma             x                            x
HtAccess          x       x
HtGroup:editors   x       x                    x

So,

- The admin user would always have all capabilities.
- A default user would never have "attribute" capability.
- HtAccess might be a special user that means "all users in the
   .htaccess file".
- HtGroup:editors means the editors group in the .htgroups file.

Hagan

More information about the pmwiki-users mailing list