[pmwiki-users] User Registration/Login?

[Ben Stallings]

CarlosAB wrote,
> Is ZAP secure? I remember some long threads just talking about it.
> 
> I'm sorry if it is not true, but that's how I remember it and the reason why 
> I'm trying to code a registration recipe myself.

For those who didn't read those long threads talking about ZAP security, 
here's the quick summary:  ZAP is based on the assumption that you will 
only let people you trust edit pages on your wiki.  Like CommentBox and 
some other forms recipes, ZAP allows users without edit privileges to 
write predetermined kinds of information to pages, but unlike those 
other recipes, anyone *with* edit privileges can determine the kinds of 
information that are written.  So if you want your wiki to be open to 
editing by any and every person and bot on the Internet, as it is by 
default, then ZAP is not for you.

However, if you only allow people you trust to edit pages, then ZAP is 
as trustworthy as they are.  Unfortunately installing ZAP does not lock 
down your site; you have to do that yourself as a separate step.  That's 
part of why I plan to release a ZAP CMS bundle with all of that already 
done, so that it can be secure out of the box.

As for a separate registration recipe, that's great!  I hope you will 
make it compatible with the PmForms framework if possible.  Thanks! 
--Ben S.