[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: wiki on sf

From: Etienne Grossmann
Subject: Re: wiki on sf
Date: Fri, 6 Jun 2003 09:12:58 +0100
User-agent: Mutt/1.3.28i


still more wiki-related questions, thanks for your patience. Some
technical questions and one password-related question.

On Thu, Jun 05, 2003 at 07:44:16PM -0500, Alex Schroeder wrote:
# Etienne Grossmann <address@hidden> writes:
# >   I don't get it : there is no $ConfigPage in the script (got from
# > There's $ConfigPage. Is that
# > what you meant?
# The variable $ConfigPage was introduced 2003-06-04.  It's default
# value is '' -- ie. there will be no page on the wiki that is executed
# as Perl code.  This is good.

  Ok, now I saw, in the latest code, that configpage gets the same
treatment as configfile, but it is one of the wiki's pages
(modifiable), while the other is a file outside of the wiki (not
modifiable). Indeed, setting configpage seems to leave a wide open

# > $UseConfig is set and the config file defines $FooterNote, $EditNote,
# > $HomePage, $LogoUrl and $StyleSheet. Is that insecure?
# No, that seems very reasonable.
# >   I set $AdminPass, did
# >
# >   http://anonimo.local/cgi-bin-etienne/ 
# >
# >   entered and received a cookie valid until 2005. Until then, I can do
# > anything I like? If I get it correctly, the wiki's owner can add
# > (edit|admin)passwords and communicate them to each developer? Once an
# > editor|administrator logs in, he's in for 2 year?
# If the wiki owner changes the passwords, then those users using an old
# password will no longer be administrators.  The mechanism is really
# simple:  action=password stores the password you used in the cookie,
# and as long as you use this cookie, and the password in the cookie
# matches one of the passwords defined by the wiki owner, you are an
# administrator.  When the cookie is created, it is valid for 2 years.
# One potential problem is connecting from a public computer and using
# action=password.  Then the cookie will be stored on a public computer
# for two years.  Personally, this is not a problem for me.  Do you
# feel that the cookie with the password should expire after the
# session ends?  Currently the username and the password are stored in

  Lemmesee : the username comes from the CGI object, not from a
user-filled box. So it is more 'browser information' (e.g. IP) than
actual username. right?

# the same cookie; this change would require using two cookies instead
# of one.

  What about a scheme in which, in order to modify a page, you have to
enter a username and a password. Each time someone checks in ('save'
button) a page.

  Alternatively, we can leave the wiki just plain open. Anyone can
change anything. How do you restore a page to its old version? (didn't
find it at



# Alex.
# -- 
# -------------------------------------------------------------
# Octave is freely available under the terms of the GNU GPL.
# Octave's home on the web:
# How to fund new projects:
# Subscription information:
# -------------------------------------------------------------

Etienne Grossmann ------

Octave is freely available under the terms of the GNU GPL.

Octave's home on the web:
How to fund new projects:
Subscription information:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]