Re: [pmwiki-users] EnableDiag in CondAuth

2008-08-18 Thread adam overton
ahh, thanks for the tip. turns out i had it declared before the Passwords declarations - it works as desired after moving it directly after the passwords. thanks! adam On 10 Aug 2008, at 9:15 AM, Patrick R. Michaud wrote: On Wed, Aug 06, 2008 at 05:54:29PM -0700, adam overton wrote: if i

Re: [pmwiki-users] EnableDiag in CondAuth

2008-08-10 Thread Patrick R. Michaud
On Wed, Aug 06, 2008 at 05:54:29PM -0700, adam overton wrote: if i try to set $EnableDiag only for use by the admin using either of the two following approaches, i get an unending request for a password. if i set the $EnableDiag manually to 1 or 0, everything edits fine. if

[pmwiki-users] EnableDiag in CondAuth

2008-08-06 Thread adam overton
hi i'm currently running pmwiki-2.2.0-beta65 if i try to set $EnableDiag only for use by the admin using either of the two following approaches, i get an unending request for a password. if i set the $EnableDiag manually to 1 or 0, everything edits fine. if (CondAuth($pagename,

Re: [pmwiki-users] EnableDiag

2007-03-02 Thread Oliver Betz
Patrick R. Michaud wrote: [...] ?action=diag: * All global variables in effect at the time of execution ...for example [AuthId] and [AuthPw] containing current user name and passwords in _plain text_. So as long as someone doesn't log out or close the browser, I can get his username and

Re: [pmwiki-users] EnableDiag

2007-03-02 Thread Ian Barton
Note that passwords held in $DefaultPasswords and $AuthUser are encrypted, so even if someone obtains the encrypted values they would still need to break the encryption to learn the actual passwords. I am not sure exactly how the PHP encryption function works, but could getting the

Re: [pmwiki-users] EnableDiag

2007-03-02 Thread Dominique Faure
On 3/2/07, Ian Barton [EMAIL PROTECTED] wrote: Note that passwords held in $DefaultPasswords and $AuthUser are encrypted, so even if someone obtains the encrypted values they would still need to break the encryption to learn the actual passwords. I am not sure exactly how the PHP

Re: [pmwiki-users] EnableDiag

2007-03-02 Thread Patrick R. Michaud
On Fri, Mar 02, 2007 at 11:28:10AM +, Ian Barton wrote: Note that passwords held in $DefaultPasswords and $AuthUser are encrypted, so even if someone obtains the encrypted values they would still need to break the encryption to learn the actual passwords. I am not sure exactly

Re: [pmwiki-users] EnableDiag

2007-03-02 Thread Patrick R. Michaud
On Fri, Mar 02, 2007 at 10:32:54AM +0100, Oliver Betz wrote: Patrick R. Michaud wrote: [...] ?action=diag: * All global variables in effect at the time of execution ...for example [AuthId] and [AuthPw] containing current user name and passwords in _plain text_. So as long as

[pmwiki-users] EnableDiag

2007-03-01 Thread Sandy
Reading the manual, it says you should not set it for production environments. Is this really such a large security hole? What info does it give malicious folks? Sandy

Re: [pmwiki-users] EnableDiag

2007-03-01 Thread Patrick R. Michaud
On Thu, Mar 01, 2007 at 01:50:50PM -0500, Sandy wrote: Reading the manual, it says you should not set it for production environments. Is this really such a large security hole? What info does it give malicious folks? In general I don't think it's a large security hole. Most if not all of