[pmwiki-users] Allowing password extraction from URI

chr at home.se chr at home.se
Sun Jul 24 11:19:54 CDT 2005


On Wed, 11 May 2005, Patrick R. Michaud wrote:

This a bit old, based on my discovery that pmwiki-mode in Emacs no longer 
works with passwords on pmwiki.org

> On Wed, May 11, 2005 at 03:37:24PM +0200, chr at home.se wrote:
> > > However, you probably don't want to deal with cookies in Emacs, so
> > > perhaps you could try doing an HTTP POST with the "authpw" value set
> > > to "password"?
> > 
> > Um.. I tried the following URI, but it didn't work..
> > 
> > 	http://www.pmwiki.org/wiki/Test/Password?authpw=password
> > 
> > Should it have worked?
> 
> No, I wrote the authentication module to only accept
> authpw values via POST requests -- somehow it just feels more
> secure.  If we can convince ourselves that it's okay to accept
> passwords from the url, then I can switch this to accept passwords
> from the URL as well.

Since I haven't had time to fiddle with Emacs, I wonder if you could 
allow pmwiki.php to extract user:password from the URI. Meaning of 
course that from this URI
 	http://user:password@www.pmwiki.org/wiki/Test/Password
pmwiki.php automatically extracts and uses user:password for 
authentification.

This mechanism should of course not be enabled by default, but it would be
good to have now at least.  (Since I haven't gotten around to fixing
pmwiki-mode).

I'd also appreciate it if you could enable this at pmwiki.org, at least
for the group Christian/ and a group Kvarn/ that I just created. This will
let me test how it works and work with these groups using pmwiki-mode.

In the long run (after fixing pmwiki-mode), I'm not sure if this is
something to keep, but it might at least be useful for people with older
versions.

regards
/Christian

-- 
Christian Ridderström, +46-8-768 39 44               http://www.md.kth.se/~chr






More information about the pmwiki-users mailing list