[pmwiki-users] HandleAuth for action diag

Simon nzskiwi at gmail.com
Thu Sep 4 03:17:59 CDT 2008

Yes, I see why that makes sense. Where I was coming from was wanting a
password that only applied to approved URLs, rather than giving (say) my
Admin password out.

I suppose I can change the password on the approved URLs page, but
this doesn't appeal to me as much as applying security to the action.



2008/9/4 Patrick R. Michaud <pmichaud at pobox.com>

> On Wed, Sep 03, 2008 at 10:37:37PM +1300, Simon wrote:
> > As a general principle I think all actions should check the normal
> > mechanism,
> > perhaps this is the problem I am having with ?action=approvesites
>
> As a "general principle" I agree -- but the very phrase
> "general principle" implies that there can be exceptions.  :-)
> In the case of ?action=approvesites, it always uses the write
> permission of the page that will contain the url approvals.
> Very little else makes sense.  One could, I suppose, want to
> add additional restrictions tied to the ?action=approvesites
> command, but a person with write permission to the url approvals
> page would still be able to change the approved urls without
> using ?action=approvesites .
> Pm

