[Pmwiki-users] Easily Hackable?
H. Fox
haganfox
Sat Apr 3 17:36:04 CST 2004
Patrick R. Michaud wrote:
> On Sat, Apr 03, 2004 at 02:34:26PM -0700, H. Fox wrote:
>
>> I'm not experienced enough to have a definitive answer. I was
>> thinking along this line: You could treat a HtGroup as a
>> pseudo-user and do it however its done now... if that makes any
>> sense.
>
> Re: "...do it however it's done now..."
>
> I think the point I'm trying to make (perhaps ineffectively) is that
> it's *not* being done now-- PmWiki doesn't have a way to authorize
> access to pages based on a user's identity.
Your explanation is more than adequate. I hadn't explored far enough to
know how access controls work, so I was making some assumptions.
> PmWiki authorizes access
> to pages based on what a user knows--i.e., a shared secret of some
> sort. Most of the postings I've seen related to the topic of
> user-based control seem to focus on the issue of solving user
> authentication (easy), but then hand-wave the issue of mapping user
> identity to allowable actions as being a trivially or already solved
> problem, which it's not.
>
> Of course, if one is willing to accept that access should be of the
> all-or-nothing type (an authenticated user is either allowed to
> edit/access any page or none at all), then it becomes an
> easy-to-solve problem. But I suspect that people will really want to
> be able to limit access to groups, pages, or operations based on user
> identity, and I'm having trouble seeing what the admin-interface for
> such a system should look like.
>
> (K. Zadorozhny proposes one possibility in
> http://www.pmichaud.com/pipermail/pmwiki-users_pmichaud.com/2004-April/004138.html
> but I'm not sure how I feel about the interface yet.)
FWIW, here are some thoughts.
First I'd like to see if I understand how it works now....
[For the sake of simplicity I'll refer to a "page", and assume that a
WikiGroup's main page (where $Title == $Group) specifies the default
behavior for all pages in the group unless overridden individually.]
A page has attributes, accessible by /Group/Page?action=attr
On that page you can set (page-specific) *default* passwords to
- read,
- edit,
- change attributes, and
- upload (if uploading is enabled for the site).
In order to do one of those actions on that page, you would either need
to know
- the page-specific password for that action on that page, or
- the config.php password for the action.
Now, here are some thoughts on access controls...
- Each page would have a list of users.
- A page's user list may be modified by those who know the
"attribute" password for the page.
- Each user has enable/disable settings for each action.
It might look like this:
read edit attribute upload
Admin x x x x
Default x
Pebbles x x x
Bam-Bam x
Barney x x
Wilma x x
HtAccess x x
HtGroup:editors x x x
So,
- The admin user would always have all capabilities.
- A default user would never have "attribute" capability.
- HtAccess might be a special user that means "all users in the
.htaccess file".
- HtGroup:editors means the editors group in the .htgroups file.
Hagan
More information about the pmwiki-users
mailing list