[pmwiki-users] Always logged in for my IP (no password requested) : how to ?
Petko Yotov
5ko at 5ko.fr
Fri Sep 7 12:52:49 CDT 2012
I forgot to mention that logging-in this way has some security
considerations.
1. Your IP address may change from time to time (unless you have a fixed IP
contract with your ISP). When that happens, until you edit the config.php
file or the page SiteAdmin.AuthDNS, someone with your old IP address will be
logged in automatically as admin on your wiki. It is extremely unlikely to
become a problem, but you should know it is possible.
2. Most people today have a router or a modem facing the internet, and it is
the IP address of that router which is visible to PmWiki. So, you need to
configure this address, and not 127.0.0.1 or 192.168.*.* or 10.*.*.* of your
local network (unless your PmWiki runs on your local network of course). You
can see what is this address at http://www.whatismyip.com/ .
3. If you are behind a router, all other devices which pass through that
router will have the same IP address for PmWiki - your wifi phone, your
wife's netbook, a neighbour using your wifi connection, etc. All these
people become admins of your wiki. Again, you should evaluate if this is a
security risk.
4. In some cases, your ISP will route your traffic through the same proxy
as other people. In such a case, thousands of people may have the same IP
address.
For all these reasons, if you have some doubts, you should not use the
automatic logins. The Persistent login recipe is more secure, and without
any recipe, entering your password every time, is even better.
Petko
More information about the pmwiki-users
mailing list