Re: wiki on sf

From: Alex Schroeder
Subject: Re: wiki on sf
Date: Thu, 5 Jun 2003 19:44:16 -0500
User-agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux)

Etienne Grossmann <address@hidden> writes:

>   I don't get it: there is no $ConfigPage in the script (got from
> There's $ConfigPage. Is that
> what you meant?

The variable $ConfigPage was introduced 2003-06-04.  Its default
value is '' -- i.e. there will be no page on the wiki that is executed
as Perl code.  This is good.

> $UseConfig is set and the config file defines $FooterNote, $EditNote,
> $HomePage, $LogoUrl and $StyleSheet. Is that insecure?

No, that seems very reasonable.

>   I set $AdminPass, did
>   http://anonimo.local/cgi-bin-etienne/ 
>   entered and received a cookie valid until 2005. Until then, I can do
> anything I like? If I get it correctly, the wiki's owner can add
> (edit|admin)passwords and communicate them to each developer? Once an
> editor|administrator logs in, he's in for 2 years?

If the wiki owner changes the passwords, then those users using an old
password will no longer be administrators.  The mechanism is really
simple:  action=password stores the password you used in the cookie,
and as long as you use this cookie, and the password in the cookie
matches one of the passwords defined by the wiki owner, you are an
administrator.  When the cookie is created, it is valid for 2 years.

One potential problem is connecting from a public computer and using
action=password.  Then the cookie will be stored on a public computer
for two years.  Personally, this is not a problem for me.  Do you
feel that the cookie with the password should expire after the
session ends?  Currently the username and the password are stored in
the same cookie; this change would require using two cookies instead
of one.
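
The check and the two cookie layouts discussed in the message above, as an added Python sketch; it is not part of the original message and is not the wiki script's own Perl code. The cookie names (wiki, wiki_user, wiki_pwd), the value encoding and the helper names are assumptions made for illustration.

```python
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode

# Cookie names and value encoding are assumptions, not the wiki script's.
TWO_YEARS = 2 * 365 * 24 * 3600  # cookie lifetime described in the message

def _set_cookie(name, value, max_age=None):
    c = SimpleCookie()
    c[name] = value
    c[name]["path"] = "/"
    if max_age is not None:  # no Max-Age/Expires makes it a session cookie
        c[name]["max-age"] = max_age
    return c[name].OutputString()

def single_cookie(username, password):
    """Current layout: username and password share one 2-year cookie."""
    value = urlencode({"username": username, "pwd": password})
    return [_set_cookie("wiki", value, TWO_YEARS)]

def split_cookies(username, password):
    """Proposed layout: username persists, password ends with the session."""
    return [_set_cookie("wiki_user", username, TWO_YEARS),
            _set_cookie("wiki_pwd", password)]

def request_header(set_cookies):
    """What the browser sends back: the name=value pairs only."""
    return "; ".join(s.split(";", 1)[0] for s in set_cookies)

def persistent_names(set_cookies):
    """Cookies that stay on disk after the browser is closed."""
    keep = ("max-age", "expires")
    return [s.split("=", 1)[0] for s in set_cookies
            if any(a.strip().lower().startswith(keep) for a in s.split(";")[1:])]

def is_admin(cookie_header, admin_passwords):
    """Admin only while the cookie's password matches a configured one."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "wiki_pwd" in jar:
        supplied = jar["wiki_pwd"].value
    elif "wiki" in jar:
        supplied = parse_qs(jar["wiki"].value).get("pwd", [""])[0]
    else:
        return False
    return bool(supplied) and any(
        hmac.compare_digest(supplied.encode(), p.encode()) for p in admin_passwords)
```

With the single cookie the password is among the persistent cookies left on a shared machine; with the split layout only the username is, and in both layouts changing the configured passwords ends admin status for anyone still presenting the old one.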


Octave is freely available under the terms of the GNU GPL.
