blob: 561cc405770e8d546b61f79996bd532897db757e [file] [log] [blame]
version=pmwiki-2.0.beta26
newline
text=PmWiki has built-in support for password-protecting various areas of the wiki site. Authors generally want to be able to apply passwords to individual pages or to [[WikiGroup]]s. Wiki Administrators can apply passwords to individual pages, to [[WikiGroup]]s, or to the entire wiki site. As with any access control system, the password protection mechanisms described here are only a small part of overall system and wiki security. [[PmWiki.Security]] will contain a more thorough discussion of possible issues.²²!!!As an author editing pages...²You will generally use 3 types of passwords:²# to control who can see a page or group, use @@read@@ passwords²# to control who can edit a page or group, use @@edit@@ passwords²# to control who can alter the passwords used to protect a page or group, use @@attr@@ passwords²²Note that if an @@attr@@ password isn't set, then anyone can alter the @@read@@ and @@edit@@ passwords. (See "security holes" below.)²²'''''To set a password on an individual wiki page,''''' add @@?action=attr@@ to the page's URL (address) to access its attributes. (You may be prompted for a username and password; the username field usually isn't used by PmWiki.) Using the small form on the attributes page, you can set or clear the @@read@@, @@edit@@, or @@attr@@ passwords on the page. In the form you enter the passwords as cleartext; PmWiki encrypts them for you automatically. ²²'''''To set a password on a wiki group''''' is slightly more difficult--you just set the passwords on a special page in each group called "GroupAttributes". You can get to the attributes page for `GroupAttributes by entering a URL (address) like [@http://www.example.com/pmwiki?n=GroupName.GroupAttributes?action=attr@]. Then, using the small form on the attributes page, you can set or clear the @@read@@, @@edit@@, or @@attr@@ passwords for the entire group. In the form you enter the passwords as cleartext; PmWiki encrypts them for you automatically. ²²!!!As an administrator ...²You can set passwords on pages and groups exactly as described above for authors. You can also:²# set site-wide passwords for pages and groups that do not have passwords set²# use @@attr@@ passwords to control who is able to set passwords on pages (and potentially other future attributes)²# use @@upload@@ passwords to control access to the file upload capabilities (if uploads are enabled)²# use an @@admin@@ password to override the passwords set for any individual page or group ²For more information on password options available to administrators, see PmWiki.PasswordsAdmin.²²!!!Which password wins?²In PmWiki, page passwords override group passwords, group passwords override the default passwords, and the @@admin@@ password overrides all passwords. This gives a great deal of flexibility in controlling access to wiki pages in PmWiki. ²²!!!Security holes ...²Administrators need to carefully plan where passwords are applied to avoid opening inadvertent security holes. If your wiki is open (anyone can read and edit), this would not seem to be a concern, '''except''', a malicious or confused user could apply a read password to a group and make the group completely unavailable to all other users. At the very least, even an open wiki should have a site-wide "admin" password and a site-wide "attr" password set in config.php. The ''sample-config.php'' file distributed with PmWiki indicates that the PmWiki and Main groups have "attr" locked by default, but if anyone creates a new group, "attr" is unlocked. Administrators must remember to set "attr" passwords for each new group (if desired) in this case. An easier solution is to include these lines in ''config.php'' :²² $DefaultPasswords['admin'] = crypt('youradminpassword');² $DefaultPasswords['attr'] = crypt('yourattrpassword');²²This sets your "admin" and "attr" passwords and ensures that any new group will have this "attr" password automatically applied to it.²²!!!Protecting all the pages in a group except one²To protect all of the pages in a group from editing, enter a URL (address) like [@http://www.example.com/pmwiki?n=GroupName.GroupAttributes?action=attr@]. Then, use the small form on the attributes page to set an @@edit@@ password for all pages in the group. To "unprotect" one page, you cannot simply "clear" the password for that page, because the page itself does not have a password - the group does. Enter a URL like [@http://www.example.com/pmwiki?n=GroupName.PageName?action=attr@]. Then, use the small form on the attributes page to set the @@edit@@ password to the special value "nopass". This tells PmWiki to ignore any site-wide or group-level edit passwords that apply to the page. You can repeat this operation to unprotect other pages in the group. ² ²Category: [[!Passwords]]²²%trail%<<|PmWiki.DocumentationIndex|>>²
time=1110345191
host=24.1.28.47
agent=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
rev=48
post= Save
author=Pm
name=PmWiki.Passwords
targets=PmWiki.WikiGroup,PmWiki.Security,PmWiki.PmWiki,PmWiki.GroupAttributes,PmWiki.PasswordsAdmin,Category.Passwords,PmWiki.PageHistory,PmWiki.AuthorTracking,PmWiki.DocumentationIndex