Re: [Phpwiki-talk] Getting Involved?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

> I absolutely understand. Perhaps I could work with them. The specific
> ideas I have right now is similar to the suggestions made at 
> the URL: http://phpwiki.sourceforge.net/phpwiki/UserAuthenticationDoneForYou

The person who did the initial implementation of non-apache based user
auth was Joe Edelman who hasn't been around for a while.  I don't know
if he's just been quiet or has found other responsibilities.

> I was thinking that if we could setup a authentication API that
> could be plugged into either http authentication using apache's
> auth systems (like UserAuthType Basic) - or - setup proprietary
> authentication systems (like a username/password in a MySQL db)
> then wiki would not need to handle all the "innards" of authentication
> but rather simply pull the username and password from however 
> it's configured to use authentication.

Here's now I see it.  The advantage of using something like apache for
authentication is that there are already a myriad of authentication
modules written (ldap, mysql, radius, htpasswd, ntlm etc etc).  

The disadvantage is that it makes it harder (impossible?) to force
people to log in via a form where you can request other information
(like an email address) and also explain how things work and that they
may just need to supply a WikiWord compliant username rather then find
somewhere to register for an account.

Leveraging apache would be really nice for intranet wiki's
(mod_auth_ntlm and all your exchange users now have wiki logins). 
However their logins aren't wiki words which sucks for a wiki.  Twiki
gets around this (imho in a confusing, kludgy way) by having a seperate
list which makes login names to wiki names (eg. adams = AdamShand).

The main reason for user authentication imho is that it provides a basis
for other things like customized themes, email notification and such.  I
don't think we need full on real authentication, just something that is
"good enough" (WorseIsBetter) to make abuse a pain and hopefully
discourage abuse.

Adam.

PS. My wiki's have recently stated to have problems of random abuse from
people on the internet (it's gone from happening every few months to a
few times a week).  Is it just me or have others noticed anything like
this?  It scares me a little that it's only going to get worse.