From: Oliver B. <ob...@de...> - 2004-01-22 09:38:08

Reini Urban wrote:
> In the current code the authentication methods are "stacked", that
> means, that the methods are searched in a predefined search order
> (e.g. Anon or Bogo or HomePage password => ldap => imap => http_auth).

I still didn't understand how to create a home page password and how to
store a password there...

> The first method which returns true is taken. False is only returned if
> all defined methods will fail.
>
> With my new code we allow even more auth methods:
> internal db, external db, file

What does "file" mean - a textual password file? I hope that there will be a
method working without sql, since many (cheap) hosting services don't
offer sql - one of the reasons I use PhpWiki.

> Now how should the admin configure his authentication:
> 1) Should he be able to define the search order?
> 2) Should he be able to define stacked (policy c) or strict (policy b)
> or pre-defined method order (policy a)?

I guess a combined method will rarely be necessary. If there is already
some kind of authentication, why shouldn't _all_ accounts use it? But
it wouldn't hurt, if it's safe:

> The problem is that the user may exist with the current method but the
> password is wrong, which brings him to the next method. This might not

IMHO if the user was found with the first method, no other methods
should be tried.

Regarding the implementation, I don't know enough about PHP to
contribute something useful.

[...]

> The code for a simple predefined scheme, (not-stacked) scheme is now
> ready, where only one auth method is predefined, for all users.

This would be fine for most cases, IMHO.

Oliver
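
The difference between the stacked search quoted above and the stop-at-first-match rule suggested in the reply, as an added example that is not part of the original message and is not PhpWiki code. The backend names, the `checkBackend()` and `authenticate()` helpers, the policy labels and the sample accounts are all constructed for illustration.

```php
<?php
// Added illustration, not PhpWiki code. All names and accounts are constructed.
$backends = [
    'file' => ['alice' => password_hash('file-pw', PASSWORD_DEFAULT)],
    'ldap' => [
        'alice' => password_hash('stale-ldap-pw', PASSWORD_DEFAULT),
        'bob'   => password_hash('bob-ldap-pw', PASSWORD_DEFAULT),
    ],
];

// true/false when the backend knows the user, null when it does not.
function checkBackend(array $store, string $user, string $pw): ?bool
{
    if (!array_key_exists($user, $store)) {
        return null;
    }
    return password_verify($pw, $store[$user]);
}

// 'stacked': a wrong password falls through to the next method.
// 'first-match': the first method that knows the user decides.
function authenticate(array $backends, array $order, string $policy,
                      string $user, string $pw): array
{
    $tried = [];
    foreach ($order as $name) {
        $tried[] = $name;
        $result = checkBackend($backends[$name], $user, $pw);
        if ($result === true) {
            return ['ok' => true, 'method' => $name, 'tried' => $tried];
        }
        if ($result === false && $policy === 'first-match') {
            break; // user exists here, password wrong: stop searching
        }
    }
    return ['ok' => false, 'method' => null, 'tried' => $tried];
}

$order = ['file', 'ldap'];
$logins = [['alice', 'stale-ldap-pw'], ['bob', 'bob-ldap-pw']];
foreach (['stacked', 'first-match'] as $policy) {
    foreach ($logins as [$user, $pw]) {
        $r = authenticate($backends, $order, $policy, $user, $pw);
        printf("%-11s %-5s %s (tried: %s)\n", $policy, $user,
            $r['ok'] ? "accepted via {$r['method']}" : 'rejected',
            implode(', ', $r['tried']));
    }
}
```

With the stacked policy, alice's stale ldap password is accepted even though the file method knows her and rejected it; with first-match the search stops at file and she is rejected. bob is accepted via ldap under both policies, because the file method does not know him and the search moves on.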