[pmwiki-users] Group security

Robert Laird rlaird at mail2Houston.com
Mon Feb 26 16:29:36 CST 2007


Thanks! You were right: during my testing I somehow didn't fully logout,
so the explicit logout demonstrated that the group WAS protected,
without me having to change anything, including the search.

I did have $EnablePageListProtect = 1; so I think I read that somewhere
and tried it.

But can you tell me how to do what you suggested: "One can configure
PmWiki so that DEF pages won't show up in Site.AllRecentChanges at all,
but there's not a way to selectively view from Site.AllRecentChanges."
????

Thanks again!

-- Robert


<-----Original Message-----> 
>From: Patrick R. Michaud [pmichaud at pobox.com]
>Sent: 2/26/2007 4:12:03 PM
>To: rlaird at cavediver.com
>Cc: pmwiki-users at pmichaud.com
>Subject: Re: [pmwiki-users] Group security
>
>On Mon, Feb 26, 2007 at 02:02:30PM -0800, Robert Laird wrote:
>> 
>> "DEF" needs to be a password-protected group... anyone with access to
this
>> internal wiki should be able to get to anything in the wiki except
for the
>> "DEF" group, unless authenticated.
>> 
>> I used the command:
>> 
>>
http://internalwiki/PMWiki/pmwiki.php?n=DEF.GroupAttributes?action=attr
>> 
>> in order to set the group password, and that works. The first time
someone
>> who knows the password access the DEF group, it asks for a password.
Once
>> authenticated, that user can get to any page in the DEF group.
>> 
>> However, someone who is not authenticated only has to do a search,
and
>> once a DEF.something page is found, they can click on it and it will
>> display. This is not good.
>
>If you've set a read password for the group, then someone who
>has not entered the password should not be able to view the page
>(nor see it in the results of a search). If you're able to
>see the page, then chances are that you've authenticated somehow.
>
>Are you sure you aren't already authenticated at the time of
>doing your testing? PmWiki remembers passwords until explicitly
>logged out or all browser windows are closed.
>
>Try explicitly logging out with ?action=logout before performing
>the search.
>
>> It would also be nice to make sure that Recent Changes won't show DEF
>> pages unless authenticated.
>
>One can configure PmWiki so that DEF pages won't show up in
>Site.AllRecentChanges at all, but there's not a way to selectively
>view from Site.AllRecentChanges.
>
>> P.S. We're running pmwiki-2.1.beta14
>
>Aha! The other thing you will want to do is set the following
>in your local/config.php:
>
> $EnablePageListProtect = 1;
>
>This tells PmWiki to not display read-protected pages in pagelists
>and search results unless the person is authorized to view the page.
>
>Oddly enough, this setting became the default in 2.1.beta15 ,
>so you could try upgrading to a later version of PmWiki and see
>if that improves things for you.
>
>Hope that helps, if things still don't seem to be working let us know.
>
>Pm
>.
> 


Click for a second home mortgage, fast & free, no fees, approval today
<http://tagline.bidsystem.com/fc/CAaCDCZ64Q5jrwDIJ1xbiYBACIkIuuiA/> 



<span id=m2wTl><p><font face="Arial, Helvetica, sans-serif" size="2" style="font-size:13.5px">_______________________________________________________________<BR>Get the Free email that has everyone talking at <a href=http://www.mail2world.com target=new>http://www.mail2world.com</a><br>  <font color=#999999>Unlimited Email Storage &#150; POP3 &#150; Calendar &#150; SMS &#150; Translator &#150; Much More!</font></font></span>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20070226/9e63070e/attachment.html 


More information about the pmwiki-users mailing list