[pmwiki-users] Page question

Mailinglists mailinglists at wso.net
Mon Jun 23 12:31:47 CDT 2008


At 01:21 PM 6/23/2008, you wrote:
>Monday, June 23, 2008, 5:34:55 PM, Mailinglists wrote:
>> That is what I was thinking I could do, but I guess you saying the
>> password is not exposed for use in a conditional without modification?
>> This is low security situation.  It is just something to make the
>> client feel special and give a small sense of privacy. We just put
>> proofs and samples on these pages, nothing sensitive.
>PmWiki does not expose passwords in clear text, usually, for obvious
>reasons. so i would not recommend creating a conditional for it, as
>this would require you to expose all the passwords in the page text.

What does "usually" mean?

If the Wiki page that contains the conditions that use the clear text passwords is itself password protected and can only be edited by an admin, then how is that a security risk? The wiki is on a modern, fully updated OS with the latest cPanel installed and a diligent system admin (me).

>Rather do the redirections via config.php. for instance like this:

Unfortunately, that isn't an option either because ultimately the site admin is going to be just a Wiki admin with no access to the config.php, so it all needs to be done via Wiki markup. They will need to be able to add, remove and update client pages and logins without access to config.php

Hans, I appreciate your time and effort. Sounds like I either have to give in and use AuthUser with username / passwords, use clear text passwords in conditional markup, or conceded that it can't be done in the way I'm envisioning.






More information about the pmwiki-users mailing list