Re: [Phpwiki-talk] GroupWikiPage

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

> A solution to both is "pagetype" in its own field in $page_tbl (or if it
> 
> is the consensus a meta-data entry).  A single small int would resolve 
> the issue:
> 
> 0 - WIKI_PAGE    # Standard Wiki Page
> 1 - GROUP_PAGE   # Group page with list of members
> 2 - USER_PAGE    # User Homepage with Meta-data containing password
> 3 - ADMIN_PAGE   # ? not sure just brainstorming for potential
> 
> This would enable quick identification (field would be faster than 
> meta-data), provide better security, and well...make things clearer.

That, of course, would require back-end changes as well as requiring
some new UI to allow editing of the page type.  (I.e. you can't change
a page type just by editing the page in the normal way --- or at least
you'd have to fix things so that you can....)

If you're willing to go that far, then it's probably better to just
stick with separate group dbs, as originally suggested.  (I.e. the
main point of cramming the group information into wiki pages was to
avoid backend changes, and to avoid having to implement a group
management UI...)

As you point out: so long as the GroupDatabase (and UserDatabase(s))
are implemented as standalone objects, all of the implementation
details can be cleanly changed later should someone feel the
need....

>>2) It looks like a non-homepage can be compromised and turned into a 
>>homepage by adding a CategoryHomepage and then trying to login with that
>>name.

I think in Reini's current design, user password verification can from
from a number of sources (LDAP, IMAP, seperate SQL db, or data stored
in UserPage).  Still, there is a single user namespace.   So the problem
is a little more complicated (and insidious) since users can be created
by processes completely unrelated to WikiPage creation/modification...
I.e. it's not clear to me that all valid users necessarily even have
a UserPage.  The only unique user identifier we have is the username.
(Iff two users have the same username, they are the same user.)
There may or may not be a wikipage with that name, and, even if there
is, it may or may not be that users UserPage.

Is that right Reini?