blob: 1414032354433228c8d6ea96a0b2229d91c1bd78 [file] [log] [blame]
version=pmwiki-2.0.beta26
newline
text=PmWiki has built-in support for password-protecting various areas of the wiki site. Passwords can be applied to individual pages, to [[WikiGroup]]s, or to the entire wiki site. Note that the password protection mechanisms described here are only a small part of overall system (and wiki) security, see [[PmWiki.Security]] for more discussion of this.²²Authors can use PmWiki to add passwords to individual pages and WikiGroups as described in [[PmWiki.Passwords]]. However, [[WikiAdministrator]]s can also set passwords in [[local customization(s)]] files as described below.²²PmWiki supports several levels of access to wiki pages:²-> @@read@@ passwords allow viewing the contents of wiki pages²-> @@edit@@ passwords control editing and modification of wiki pages²-> @@attr@@ passwords control who is able to set passwords on pages (and potentially other future attributes)²-> if uploads are enabled, @@upload@@ passwords control uploading of files and attachments²²Finally, there is an @@admin@@ password that allows an administrator to override the passwords set for any individual page or group. ²²Pages have their passwords as "page attributes" that are accessed by using ?action=attr at the end of a URL. Group passwords are held in a special page called "GroupAttributes" for each group. Global site-wide passwords are controlled by the $DefaultPasswords array. All passwords are stored in an encrypted format so that other users on the system cannot simply browse the contents of files to determine the passwords.²²By default, $DefaultPasswords is set with empty @@read@@, @@edit@@, and @@attr@@ passwords and locked @@admin@@ and @@upload@@ passwords. In addition, as distributed, the Main.GroupAttributes and PmWiki.GroupAttributes have locked @@attr@@ passwords on them to prevent authors from setting passwords on pages in those groups. (To change these passwords, use [[Main.GroupAttributes?action=attr]] or [[PmWiki.GroupAttributes?action=attr]].)²²To set the site-wide admin password to "@@mysecret@@", an administrator can place the following line in ''config.php'':²² $DefaultPasswords['admin'] = crypt('mysecret');²²Of course, as written here anyone able to view ''config.php'' would immediately know the site's password, so some sites would like it to be encrypted in the ''config.php'' file as well. Add @@?action=crypt@@ to the end of any PmWiki URL (or jump to [[{$Name}?action=crypt]]) and you'll be presented with a form to give you the encrypted form of the password. For example, when the ''crypt'' action is given the password "@@mysecret@@", PmWiki gives back a string like ²² [=$1$hMMhCdfT$mZSCh.BJOidMRn4SOUUSi1=]²²(it may be different on your system). This string can then be put directly into ''config.php'' as [=² $DefaultPasswords['admin'] = '$1$hMMhCdfT$mZSCh.BJOidMRn4SOUUSi1'; ² =]²²Note that in the encrypted form the ''crypt'' keyword and parentheses are removed, since the password is already encrypted. Also, the encrypted password must be²in single quotes. In this example the password is still "@@mysecret@@", but somebody looking at ''config.php'' won't be able to see that just from looking at the encrypted form. ''Crypt'' may give you different encryptions for the same password--this is normal (and makes it harder for someone else to determine the original password).²²Similarly, you can set @@[=$DefaultPasswords['read']=]@@, @@[=$DefaultPasswords['edit']=]@@, and @@[=$DefaultPasswords['attr']=]@@ to control default @@read@@, @@edit@@, and @@attr@@ passwords for the entire site. The default passwords are used only for pages and groups which do not have passwords set. Also, each of the $DefaultPasswords values may be arrays of encrypted passwords.²²To remove a site password entirely, such as the default locked password for uploads, just set it to empty:²² $DefaultPasswords['upload'] = '';²²In PmWiki, page passwords override group passwords, group passwords override the default passwords, and the admin password always allows access. This gives a great deal of flexibility in controlling access to wiki pages in PmWiki. ²²You can also use the special password "nopass" (defined by the $AllowPassword variable) via @@?action=attr@@ to have a non-password protected page within a password-protected group, or a non-password protected group with a site-wide default password set.²²To use PmWiki itself to set passwords on individual wiki pages and [[WikiGroup]]s via @@?action=attr@@, see [[PmWiki.Passwords]].²²Category: [[!Passwords]]²²%trail%<<|PmWiki.DocumentationIndex|>>
time=1110345205
host=24.1.28.47
agent=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
rev=47
post= Save
author=Pm
name=PmWiki.PasswordsAdmin
targets=PmWiki.WikiGroup,PmWiki.Security,PmWiki.PmWiki,PmWiki.Passwords,PmWiki.WikiAdministrator,PmWiki.LocalCustomizations,PmWiki.WikiGroups,PmWiki.GroupAttributes,Main.GroupAttributes,PmWiki.PasswordsAdmin,Category.Passwords,PmWiki.PerGroupCustomizations,PmWiki.UploadsAdmin,PmWiki.DocumentationIndex