[Pmwiki-users] Re: Re: Edit password also used to read pages in PmWiki 2?
chr@home.se
chr
Sat Nov 20 08:05:39 CST 2004
On Fri, 19 Nov 2004, Patrick R. Michaud wrote:
> On Fri, Nov 19, 2004 at 02:48:53PM +0100, chr at home.se wrote:
> > So what happens if you go directly to a URI like
> > http://... ?action=edit
> >
> > without having visited the site before? I assume you'll be asked for the
> > edit password?
> >
> > And then when you've saved the page you're asked for the read password?
>
> Yup.
>
> Believe it or not, this isn't entirely as farfetched or unintuitive as
> it might sound. There are situations in which being able to edit a page
> doesn't imply that you know the page's entire contents when it's displayed
> via ?action=browse -- consider (:include:) and its relatives. Currently
> (:include:) will insert the contents of another page only if the user
> has previously entered any read passwords for that page, and included
> pages won't generate password prompts. So, entering the read password
> for the page just edited might be an important step to enabling access
> to other pages or features it includes or references.
Hmm... interesting. But.. is there anything that prevents a person from
adding (:include ...:) to e.g. the sandbox, thereby seeing what's in a
page that's supposed to be read protected?
Or does pmwiki check for read passwords of pages that are included?
> That said, I might make this into a customization option of some sort,
> so that an administrator can set "edit implies read", "attr implies
> all" policies to be used by the passwording mechanism.
Sounds like a good solution to me, a cookbook page?
/Christian
--
Christian Ridderstr?m, +46-8-768 39 44 http://www.md.kth.se/~chr
More information about the pmwiki-users
mailing list