Hi, I'm having trouble implementing secure editing. As wiki_admin I can log in, edit and save, no problems. My user_auths are set as ALLOW_ANON_USER = true, ALLOW_ANON_EDIT = false, ALLOW_BOGO_LOGIN = false, ALLOW_USER_PASSWORDS = true.
When I have the authentication set to "Db" and try to log in as another user (who I have externally added to the wiki SQL database (member and prefs) with name and password and appropriate table permissions), I get a terminal httpd error. If I allow Visual Studio to debug, it says it is an access violation. If I add in "Personal Page" as a 2nd auth method, I get an explorer error "page not found".
Do you have a good reason for not allowing bogo users? The comment in config.ini says:
; If ALLOW_BOGO_LOGIN is true, users are allowed to login (with
; any/no password) using any userid which:
; 1) is not the ADMIN_USER, and
; 2) is a valid WikiWord (matches $WikiNameRegexp.)
; If true, users may be created by themselves.
Using this set-up there is no need to fiddle directly with the database for managing users.
belbernard wrote: Do you have a good reason for not allowing bogo users?
I am trying to set the wiki up to be publicly viewable but only editable by users we have registered, using the wiki as a group permanent(ish) blog. The problem is coming up when the password is being authenticated against the mysql database, or possibly because a user is in the pref table but no corresponding page is in the rest of the db?
If I allow bogo logins, new user prefs are going into the mysql db.
When I need to do this, I set up ACLs on pages in such a way that only their owners can modify them. This property is inherited by subpages created from the current page. The drawback is that bogo users can still create spam pages, so we watch newly created pages...