Re: [Phpwiki-talk] Re:Userids?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

>yes. but why not also the admin? 
>the admin check is done later in user_auth.

I don't think we want random people to be able to make
edits which appear to be signed by the admin.

>other wiki's do it with simple userid cookies instead of auth.
>setting up the db auth scheme is not that trivial. cookies are easier.

(Password) authentication however is on the to-do list.
The motivations for adding real authentication include:
 * Page ownership (read-only or add-only pages).
 * Page change notification (authentication prevents
   the use of this feature for mail-bombing unsuspecting
   recipients.)
 * The (server-side) storage of large amounts of per-user
   state data could be used to do things like list/highlight
   changes since last visit, etc...  (Cookies can only store
   a finite amount of information.)

>> This would be a trivial hack, and I believe would be maximally forward-compa
> tible
>> with future non bogo-authentication.

The one problem I see with my proposed hacks is that it's going to
be fairly confusing to the user.  Since it's going to use the 
HTTP authentication mechanism (as currently used for admin logins)
there's not much opportunity to issue meaningful prompts.