[pmwiki-users] pmwiki-2.0.beta29 out, needs testers and feedback
Patrick R. Michaud
pmichaud at pobox.com
Tue Apr 12 20:42:40 CDT 2005
On Tue, Apr 12, 2005 at 08:56:04PM -0400, Crisses wrote:
>
> On Apr 12, 2005, at 12:55 AM, Patrick R. Michaud wrote:
>
> >User-based authentication can completely coexist and mix freely with
> >password-based authentication, thus an edit password of
> >"id:alice glorp" will allow Alice and anyone who knows the
> >password "glorp" to edit the page.
>
> Does this mean that if a password is "alice" and a username is "alice"
> both will be able to see the page?
No, not really (at least not as I interpret your question). When user
authentication is active the "password required" prompt will have both
a name field and a password field. An author that enters "alice" in the
username field (along with Alice's password) would have access to
all pages with "id:alice" authorization. An author that enters
"alice" in the password field would gain access to all pages with
"alice" set as a password.
> This represents a hazard if users are allowed to create passwords.
I'm not sure I see the hazard you're envisioning, so let me know. :-)
Pm
More information about the pmwiki-users
mailing list