[pmwiki-users] Always logged in for my IP (no password requested) : how to ?

Petko Yotov 5ko at 5ko.fr
Fri Sep 7 12:52:49 CDT 2012


I forgot to mention that logging-in this way has some security  
considerations.

1. Your IP address may change from time to time (unless you have a fixed IP  
contract with your ISP). When that happens, until you edit the config.php  
file or the page SiteAdmin.AuthDNS, someone with your old IP address will be  
logged in automatically as admin on your wiki. It is extremely unlikely to  
become a problem, but you should know it is possible.

2. Most people today have a router or a modem facing the internet, and it is  
the IP address of that router which is visible to PmWiki. So, you need to  
configure this address, and not 127.0.0.1 or 192.168.*.* or 10.*.*.* of your  
local network (unless your PmWiki runs on your local network of course). You  
can see what is this address at http://www.whatismyip.com/ .

3. If you are behind a router, all other devices which pass through that  
router will have the same IP address for PmWiki - your wifi phone, your  
wife's netbook, a neighbour using your wifi connection, etc. All these  
people become admins of your wiki. Again, you should evaluate if this is a  
security risk.

4. In some cases, your ISP will route your traffic through the same proxy  
as other people. In such a case, thousands of people may have the same IP  
address.

For all these reasons, if you have some doubts, you should not use the  
automatic logins. The Persistent login recipe is more secure, and without  
any recipe, entering your password every time, is even better.

Petko




More information about the pmwiki-users mailing list