[pmwiki-users] Admin's password

Tegan Dowling tmdowling at gmail.com
Fri Aug 11 08:13:24 CDT 2006


On 8/11/06, 1 2 <vanship85 at gmail.com> wrote:
> On 8/11/06, Tegan Dowling <tmdowling at gmail.com> wrote:
> >
> >On 8/11/06, 1 2 <vanship85 at gmail.com> wrote:
> > >
> > > Hi. I set up my pmwiki and set a page to be only edited by some users. But
> > > if I provide the admin's password in the password box, I will be able to
> > > login and edit this page regardless to the username I provide in the
> > > username box. It seems that the default admin password does not require a
> > > user name. I think this may cause security problems. How to solve this
> > > problem?
> >
> > What security setup are you using - AuthUser, or UserAuth, or just the
> > default configuration?
>
> Default configuration

Then I'm puzzled - typically the authorization form for the default
configuration doesn't include a field for username - it just has the
single field for password.  Does your login page have both? OR when
you refer to "the username I provide in the username box", do you mean
the Author name that you supply when you edit?

I think you're probably discovering-by-using the basic way that this
is supposed to work.  The admin password is intended to over-ride all
others.  Administrators need to understand this so that they know not
to give it to anyone who should not have 'god-like powers'.

If you've given the admin password to someone who shouldn't have admin
access to the wiki, you may want to change the admin password.

Am I understanding and addressing your situation and question?




More information about the pmwiki-users mailing list