[pmwiki-users] access control

Stirling Westrup sti at pooq.com
Tue Oct 10 12:01:08 CDT 2006


Jan Hegewald wrote:
> Hello pmwiki fellows,
> I´m new to wikis and webservers, so please be patient with me (-;
> If just installed pmwiki and it runs fine on my local apache  
> webserver. As I want to use the wiki mainly to hold personal  
> documentation of my daywork, I want to restrict public access.
> I have set a
> $DefaultPasswords['admin']
> $DefaultPasswords['write']
> $DefaultPasswords['read']
> in the config.php which seems to work: if I go to http://myip/ 
> ~mywebspace/pmwiki/pmwiki.php a password is needed to continue. But  
> if I use the direct path to a file in wiki.d the full contents of the  
> file are shown e.g. with http://myip/~mywebspace/pmwiki/wiki.d/Test.Test
> 
> I guess this is a basic question but I couldn´t find anything about  
> it in the docs. Do I have to limit access via the webserver to solve  
> this?
> 

Its recommended that your wiki.d directory not be in your server root at
all. In other words, it shouldn't be possible to construct a URL that
references it. If you can't manage that, then you need to restrict
access via an .htaccess file or similar method.




More information about the pmwiki-users mailing list