3 Feb
2005
3 Feb
'05
6:49 p.m.
hello,
i'm wondering if anyone has developed, or is working on, an
authentication module for OG.
briefly, i set up an OG for some collaborators; they're now
threatening to switch to a different wiki, and make the existing one
read-only, because the spam problem is so bad.
the time/energy i want to devote to fixing this, is minimal. if anyone
else is at least halfway, i'd appreciate a peek at code; i know it
wouldn't be too much effort to hack something together, but it would
be pretty thankless (though i suppose it's something that a lot of
people want? trivial 'are you human', cookie-based spam holdoffs have
simply not worked... and i know we went through that debate a few
months ago...)
zx
3 Feb
3 Feb
7:40 p.m.
On Thu 03 Feb 2005, Jo Walsh <jo(a)frot.org> wrote:
briefly, i set up an OG for some collaborators;
they're now
threatening to switch to a different wiki, and make the existing one
read-only, because the spam problem is so bad.
the time/energy i want to devote to fixing this, is minimal.
Put something like this in .htaccess in the same directory as the wiki.cgi:
<Limit POST>
Order deny,allow
Deny from all
AuthType Basic
AuthName "Username: "
AuthUserFile /home/kake/.htpasswd-openguides
require valid-user
satisfy any
</Limit>
All the edit forms are POST. I think there is a POST search form as
well, but this really needs changing to GET - there's no reason for
search results not to be linkable to, and a search doesn't change
data. Um, hack that in your version pending a fix in the distro. I
wouldn't normally recommend that, but you seem to be in dire straits,
and it's a bugfix which will go in at some point.
They won't get the auth request until after they've submitted the edit
form though. I think (but have not tested this) that you can get
around this by making a little login.cgi that's protected by the same
htpasswd file and adding a link to this somewhere.
That really is a bit of a hack, but it might do.
Kake
8:53 p.m.
On Thu, Feb 03, 2005 at 07:40:45PM +0000, Kake L Pugh wrote:
Put something like this in .htaccess in the same
directory as the wiki.cgi:
That would be really cool to throw in the documentation on the dev wiki
somewhere.
-- Earle
P.S. Hi from Venice! This town would be /perfect/ for a Guide.
--
Earle Martin
http://downlode.org/
http://purl.oclc.org/net/earlemartin/
9 p.m.
On Thu 03 Feb 2005, Earle Martin <openguides(a)downlode.org> wrote:
That would be really cool to throw in the
documentation on the dev wiki
somewhere.
I pasted it here:
http://openguides.org/dev/?node=FAQ
Kake
4 Feb
4 Feb
1:01 a.m.
On Thu, 3 Feb 2005, Kake L Pugh wrote:
On Thu 03 Feb 2005, Jo Walsh <jo(a)frot.org>
wrote:
i found with CGI:Wiki:Kwiki that this caused errors when it asked you to
authenticate on an edit for the first time in that session it would lose
the edit. Since the wiki was just for my own use i limited it by ip in
apache.
like this
<Limit POST>
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
Allow from yyy.yyy.yyy.yyy
</Limit>
since there are basically only two places i edit it from and if im not at
those places i can login to them easily enuff.
This is fine given a limted set of users.
http://randomness.org.uk/wiki/?node=WikiSpam
and you will note that you cant make edits :)
--
Bob Walker
http://www.randomness.org.uk/
Plain Digestives. The biscuit for choice!
briefly, i set up an OG for some collaborators;
they're now
threatening to switch to a different wiki, and make the existing one
read-only, because the spam problem is so bad.
the time/energy i want to devote to fixing this, is minimal.
Put something like this in .htaccess in the same directory as the wiki.cgi:
<Limit POST>
Order deny,allow
Deny from all
AuthType Basic
AuthName "Username: "
AuthUserFile /home/kake/.htpasswd-openguides
require valid-user
satisfy any
</Limit>
All the edit forms are POST. I think there is a POST search form as
well, but this really needs changing to GET - there's no reason for
search results not to be linkable to, and a search doesn't change
data. Um, hack that in your version pending a fix in the distro. I
wouldn't normally recommend that, but you seem to be in dire straits,
and it's a bugfix which will go in at some point.
They won't get the auth request until after they've submitted the edit
form though. I think (but have not tested this) that you can get
around this by making a little login.cgi that's protected by the same
htpasswd file and adding a link to this somewhere.
1:10 a.m.
On Thu, 3 Feb 2005, Jo Walsh wrote:
briefly, i set up an OG for some collaborators; they're now
threatening to switch to a different wiki, and make the existing one
read-only, because the spam problem is so bad.
since were talkign about wikispam
mod_security might be an answer if you have enuff access to the setup.
http://www.modsecurity.org/
bascially you can regexes have against posts(amongst othr things).
admiitedly this then relies on building up a library of wikispams and
regexes to catch them but i supsect a lot of rules in spamassasin could
be transferable.
--
Bob Walker
http://www.randomness.org.uk/
Plain Digestives. The biscuit for choice!
6692
days inactive
6693
days old
openguides-dev@lists.openguides.org
5 comments
4 participants
participants (4)
-
Bob Walker -
Earle Martin -
Jo Walsh -
Kake L Pugh