[Pmwiki-users] Re: Default Passwords

Hans Bracker design
Thu Dec 16 15:19:20 CST 2004


PmWiki/PasswordsAdmin says:
>    By default, $DefaultPasswords is set with empty read, edit,
>    and attr passwords and locked admin and upload passwords. 
>    In addition, as distributed, the Main.GroupAttributes and 
>    PmWiki.GroupAttributes have locked attr passwords on them 
>    to prevent authors from setting passwords on pages in those groups.
>    (To change these passwords, use
> Main.GroupAttributes?action=attr or 
>    PmWiki.GroupAttributes?action=attr.)

> I suppose it would help to mention in sample-config.php that these
> groups are locked by default.  Another possibility is to ship PmWiki
> with the groups unlocked and leave it up to an administrator to
> lock them if that's desired.

> Pm

So pmwiki ships with some hidden group attribute passwords set for the Main
and PmWiki groups. Removing the * from passwdattr=* in the GroupAttributes
raw text unlocks the group attributes.

Since GroupAttributes is a page that normally has no content but acts
as a container for the group passwords, it is still possible to edit
the page (if no edit password is set, or if I know the edit password) and
delete it the normal way, by entering "delete" and saving the page. Then,
opening GroupAttributes?action=attr, I can set new attributes, in
fact bypassing an attr password which I as a user/author may have no
knowledge of. May this not make groups rather vulnerable? Anyone with
edit privileges could enforce a new edit and attr password for the
group. Would it not be better to give the page GroupAttributes special
security, perhaps by giving it default edit and attr passwords which
may be known to an admin or group admin but not to all users?
But this is not possible, since setting the passwords for
GroupAttributes is effective for all pages in the group and not just
for this one. Is there a way to make GroupAttributes more secure?


Hans
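The sequence Hans describes (an author with only edit rights deletes Main.GroupAttributes, the group's locked attr password disappears with it, and the author then sets new group passwords) is modelled below as an added example. It is a toy model written for this thread, not PmWiki's code: the cascade (page password, then the group's GroupAttributes page, then $DefaultPasswords) follows the documentation quoted above, the page names and texts are constructed, and the `delete_requires_attr` switch is a hypothetical mitigation (deleting a GroupAttributes page is treated as an attr-level change), not an existing PmWiki option.

```python
# Toy model of a PmWiki-style password cascade (page -> Group.GroupAttributes
# -> $DefaultPasswords). Constructed for this thread; it is NOT PmWiki's code.
# The delete-then-reset sequence is the one described in the post above; the
# delete_requires_attr switch is a hypothetical mitigation, not a PmWiki option.

LOCKED = "*"   # PmWiki's locked marker: no supplied password can match
OPEN = ""      # empty password: anyone is authorized

DEFAULT_PASSWORDS = {  # mirrors the $DefaultPasswords settings quoted above
    "read": OPEN, "edit": OPEN, "attr": OPEN, "admin": LOCKED, "upload": LOCKED,
}


class Wiki:
    def __init__(self, delete_requires_attr=False):
        self.pages = {}  # page name -> {"text": str, "passwd": {level: value}}
        # hypothetical mitigation: deleting a GroupAttributes page needs attr rights
        self.delete_requires_attr = delete_requires_attr

    @staticmethod
    def group_attributes_page(page):
        return page.split(".", 1)[0] + ".GroupAttributes"

    def create(self, page, text="", **passwd):
        self.pages[page] = {"text": text, "passwd": dict(passwd)}

    def password_for(self, page, level):
        """Effective password: the page's own, else the group's GroupAttributes
        page, else $DefaultPasswords."""
        own = self.pages.get(page, {}).get("passwd", {})
        if level in own:
            return own[level]
        ga = self.pages.get(self.group_attributes_page(page), {}).get("passwd", {})
        if level in ga:
            return ga[level]
        return DEFAULT_PASSWORDS[level]

    def authorized(self, page, level, supplied=None):
        required = self.password_for(page, level)
        if required == OPEN:
            return True
        if required == LOCKED:
            return False
        return supplied == required

    def edit(self, page, new_text, supplied=None):
        if not self.authorized(page, "edit", supplied):
            raise PermissionError(f"edit {page}")
        if new_text.strip() == "delete":  # PmWiki convention: saving "delete" removes the page
            if (self.delete_requires_attr
                    and page.endswith(".GroupAttributes")
                    and not self.authorized(page, "attr", supplied)):
                raise PermissionError(f"deleting {page} needs attr rights")
            self.pages.pop(page, None)
        else:
            self.pages.setdefault(page, {"text": "", "passwd": {}})["text"] = new_text

    def set_attr(self, page, supplied=None, **passwd):
        if not self.authorized(page, "attr", supplied):
            raise PermissionError(f"attr {page}")
        self.pages.setdefault(page, {"text": "", "passwd": {}})["passwd"].update(passwd)


def shipped_wiki(**opts):
    """Constructed sample wiki in the as-distributed state: Main group attr locked."""
    w = Wiki(**opts)
    w.create("Main.GroupAttributes", attr=LOCKED)
    w.create("Main.HomePage", "constructed sample page")
    return w


def author_takes_over_group(wiki):
    """An author who knows no password at all. Returns the group's effective
    edit password after the attempt, or None if the wiki refused."""
    if wiki.authorized("Main.HomePage", "attr"):
        raise RuntimeError("attr should be locked through Main.GroupAttributes")
    try:
        wiki.edit("Main.GroupAttributes", "delete")  # edit password is open
    except PermissionError:
        return None
    # the container page is gone, so attr falls through to $DefaultPasswords (open)
    wiki.set_attr("Main.GroupAttributes", edit="author-chosen", attr="author-chosen")
    return wiki.password_for("Main.HomePage", "edit")


if __name__ == "__main__":
    print(author_takes_over_group(shipped_wiki()))                           # author-chosen
    print(author_takes_over_group(shipped_wiki(delete_requires_attr=True)))  # None
```

The first run shows the problem Hans raises: after the deletion, every page in Main is now protected by a password the author chose. The second run shows that the gap is the mismatch between the right needed to delete the container page (edit) and the right it is supposed to protect (attr); the modelled mitigation simply makes the delete require the attr level, which is a separate question from the per-page-versus-group password problem Hans mentions at the end.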



