[pmwiki-users] Self registration

kirpi at kirpi.it kirpi at kirpi.it
Thu Jan 22 15:38:00 CST 2009


Ok, it is a magic of the internet (and much kindness from him) that
Patrick, a super-expert in the matter, engages talks with me, a
sub-newbie. I am sorry that I cannot "keep his pace": too much
difference in level, skills, attitudes.
:-)

That said, I just copy and paste some of his last sentences:

> As far as safety, I personally would feel much safer with such a
> large password database spread out over many files than in a single
> (essentially text) file.

> if there are hundreds of user records in
> the SiteAdmin.AuthUser page it's more difficult [...].
> If it's in Profile.XYZ then it's easy to locate and manipulate
> directly.

> Also, SiteAdmin.AuthUser stores more information than just usernames
> and passwords, it also stores group memberships.  Keeping group
> memberships in individual profile pages would also be much simpler.

> a small mistake in SiteAdmin.AuthUser can suddenly wipe out lots
> of accounts

> Apache offers the ability to keep usernames and
> passwords in .htpasswd files, but those quickly degrade in performance
> as there get to be a larger number of entries.  In such cases Apache
> recommends moving to something that allows better random-access
> rather than sequentially scanning a large .htpasswd file (on every
> authentication request).

Patrick recently underlined that I quoted wrongly from him (sorry
Patrick, I didn't mean to).
Now, if I happened to quote right and in the proper context here, I am
under the *very* impression that his well-informed
experience/knowledge is casting *many* votes to the Profile-based
system.

Am I wrong?

Luigi



More information about the pmwiki-users mailing list