Menu
▾
▴
RE: [Phpwiki-talk] phpWiki and postnuke at Daimonin
|
From: Charles C. <ch...@ru...> - 2005-03-29 14:39:14
|
Hi, Have looked at the latest PhpWiki security framework? In my opinion, it is quite complete. While I would not consider myself an expert on the code, I did some testing and patching in the past 4 months with an emphasis on security and wrote doc/README.security to capture what I learned. There are several layers to PhpWiki's security framework and implementations. The first is the identification and authentication. This can be provided by several different mechanisms, including (but not limited to): database, ldap or wikipage. The next layer is group membership. Some are builtin groups and the other group memberships can be provided by at least two different mechanisms (database and wikipages). A user may be a member of multiple groups. The final layer is page permissions. Each group may have varying permissions to a page. The page group permissions are attached to pages in a hierarchical manner - if there is no relevant permission defined for a page, its parent is checked. If the PostNuke security structure is roughly analogous to this, it should be easy to extend PhpWiki to use PostNuke's identification, authentication and group memberships. However, it could be quite difficult to modify the page level permission system. I suggest that you first look at doc/README.security to learn about one way to secure PhpWiki (there are several alternatives) and then look at the layers I described above to see if it is worthwhile for you to follow up further. Regards, Charles -----Original Message----- From: Michael Toennies [mailto:mic...@da...] Sent: 29 March 2005 21:53 To: php...@li... Subject: [Phpwiki-talk] phpWiki and postnuke at Daimonin Hello We are the daimonin mmorpg project: http://www.daimonin.net <snip> Has the phpWiki community ever thought about to add a native postnuke interface? Postnuke lakes a native wiki. It has a very easy to use interface which allows it to bind in modules. Also, the changes would be normally not so hard - just a redirect to the postnuke permission system. Nearly all other parts from phpWiki fits in fine. |
