Re: wiki on sf

[Etienne Grossmann]

  Hi,

still more wiki-related questions, thanks for your patience. Some
technical questions and one password-related question.

On Thu, Jun 05, 2003 at 07:44:16PM -0500, Alex Schroeder wrote:
# Etienne Grossmann <address@hidden> writes:
# 
# >   I don't get it : there is no $ConfigPage in the script (got from
# > http://www.emacswiki.org/current.txt). There's $ConfigPage. Is that
# > what you meant?
# 
# The variable $ConfigPage was introduced 2003-06-04.  It's default
# value is '' -- ie. there will be no page on the wiki that is executed
# as Perl code.  This is good.

  Ok, now I saw, in the latest code, that configpage gets the same
treatment as configfile, but it is one of the wiki's pages
(modifiable), while the other is a file outside of the wiki (not
modifiable). Indeed, setting configpage seems to leave a wide open
door.

# > $UseConfig is set and the config file defines $FooterNote, $EditNote,
# > $HomePage, $LogoUrl and $StyleSheet. Is that insecure?
# 
# No, that seems very reasonable.
# 
# >   I set $AdminPass, did
# >
# >   http://anonimo.local/cgi-bin-etienne/oddmuse.pl?action=password 
# >
# >   entered and received a cookie valid until 2005. Until then, I can do
# > anything I like? If I get it correctly, the wiki's owner can add
# > (edit|admin)passwords and communicate them to each developer? Once an
# > editor|administrator logs in, he's in for 2 year?
# 
# If the wiki owner changes the passwords, then those users using an old
# password will no longer be administrators.  The mechanism is really
# simple:  action=password stores the password you used in the cookie,
# and as long as you use this cookie, and the password in the cookie
# matches one of the passwords defined by the wiki owner, you are an
# administrator.  When the cookie is created, it is valid for 2 years.
# 
# One potential problem is connecting from a public computer and using
# action=password.  Then the cookie will be stored on a public computer
# for two years.  Personally, this is not a problem for me.  Do you
# feel that the cookie with the password should expire after the
# session ends?  Currently the username and the password are stored in

  Lemmesee : the username comes from the CGI object, not from a
user-filled box. So it is more 'browser information' (e.g. IP) than
actual username. right?

# the same cookie; this change would require using two cookies instead
# of one.

  What about a scheme in which, in order to modify a page, you have to
enter a username and a password. Each time someone checks in ('save'
button) a page.

  Alternatively, we can leave the wiki just plain open. Anyone can
change anything. How do you restore a page to its old version? (didn't
find it at http://emacswiki.wikiwikiweb.de/cgi-bin/oddmuse.pl).

  Cheers,

  Etienne

 
# Alex.
# -- 
# http://www.emacswiki.org/cgi-bin/alex.pl
# 
# 
# 
# -------------------------------------------------------------
# Octave is freely available under the terms of the GNU GPL.
# 
# Octave's home on the web:  http://www.octave.org
# How to fund new projects:  http://www.octave.org/funding.html
# Subscription information:  http://www.octave.org/archive.html
# -------------------------------------------------------------
# 
# 
# 

-- 
Etienne Grossmann ------ http://www.isr.ist.utl.pt/~etienne



-------------------------------------------------------------
Octave is freely available under the terms of the GNU GPL.

Octave's home on the web:  http://www.octave.org
How to fund new projects:  http://www.octave.org/funding.html
Subscription information:  http://www.octave.org/archive.html
-------------------------------------------------------------