[pmwiki-users] How to restrict auth to secure connections

Daniel Rubin Daniel.Frederik.Rubin at scai.fraunhofer.de
Thu Aug 17 08:17:56 CDT 2006


Patrick R. Michaud wrote:
> On Thu, Aug 17, 2006 at 10:27:06AM +0200, Daniel Rubin wrote:
> 
>>Greetings, everyone.
>>
>>I'd like to restrict authentication to my wiki such that
>>  * login is only permitted from connections via https or from
>>    the local network
>>  * the authentication form is also only shown under these
>>    circumstances.
>>
>>Which is the best way to achieve this?
> 
> 
> So, if someone attempts to access a protected resource from a
> non-https connection, you want the system to just return a
> "forbidden" response, or ...?
> 
> Pm

Not exactly.  I only want the _login_ to be rejected if it comes from an 
insecure source.

To be precise,
  (1) AuthUser should not honor any username and password posts
  (2) instead of the login form it should return a rejection message.

Thanks,
----Daniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Daniel.Frederik.Rubin.vcf
Type: text/x-vcard
Size: 310 bytes
Desc: not available
Url : /pipermail/pmwiki-users/attachments/20060817/efd49b1c/attachment.vcf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3775 bytes
Desc: S/MIME Cryptographic Signature
Url : /pipermail/pmwiki-users/attachments/20060817/efd49b1c/attachment.bin 


More information about the pmwiki-users mailing list