[pmwiki-users] global overview of passwords/authorizations

Patrick R. Michaud pmichaud at pobox.com
Sat Jul 23 09:02:17 CDT 2005


On Sat, Jul 23, 2005 at 09:55:13AM +0100, Hans wrote:
> Saturday, July 23, 2005, 6:06:24 AM, Patrick wrote:
> > Comments, suggestions welcomed.
>
> There are two read protected pages which are not listed in the table:
> http://www.pmwiki.org/wiki/Test/ReadProtected
> http://www.pmwiki.org/wiki/Test/ReadPass
>
> Does the pagelist not list read protected pages?
> Should it not, given the Read column?

As a general rule, placing a read password on a page tells PmWiki
not to expose any information about that page, except for the pagename.
And PmWiki tries not to expose the pagename if $EnablePageListProtect
is set.

So, as things stand now, if there's a read password on a page and
the browser hasn't supplied the read password, then the page won't
appear in the authtable.  There is an argument to be made that it 
could instead display something like

    Test.ReadProtected  || read || ??? || ??? || ??? ||

with the ???'s indicating that the information is hidden.

OTOH, from previous messages it seems likely that this table is 
going to be restricted to those who have attr or admin permissions
anyway; if that's the case then the read permissions probably 
don't pose a big problem.

Pm




More information about the pmwiki-users mailing list