hello,
i'm wondering if anyone has developed, or is working on, an authentication module for OG.
briefly, i set up an OG for some collaborators; they're now threatening to switch to a different wiki, and make the existing one read-only, because the spam problem is so bad.
the time/energy i want to devote to fixing this, is minimal. if anyone else is at least halfway, i'd appreciate a peek at code; i know it wouldn't be too much effort to hack something together, but it would be pretty thankless (though i suppose it's something that a lot of people want? trivial 'are you human', cookie-based spam holdoffs have simply not worked... and i know we went through that debate a few months ago...)
zx
On Thu 03 Feb 2005, Jo Walsh jo@frot.org wrote:
briefly, i set up an OG for some collaborators; they're now threatening to switch to a different wiki, and make the existing one read-only, because the spam problem is so bad.
the time/energy i want to devote to fixing this, is minimal.
Put something like this in .htaccess in the same directory as the wiki.cgi:
<Limit POST> Order deny,allow Deny from all AuthType Basic AuthName "Username: " AuthUserFile /home/kake/.htpasswd-openguides require valid-user satisfy any </Limit>
All the edit forms are POST. I think there is a POST search form as well, but this really needs changing to GET - there's no reason for search results not to be linkable to, and a search doesn't change data. Um, hack that in your version pending a fix in the distro. I wouldn't normally recommend that, but you seem to be in dire straits, and it's a bugfix which will go in at some point.
They won't get the auth request until after they've submitted the edit form though. I think (but have not tested this) that you can get around this by making a little login.cgi that's protected by the same htpasswd file and adding a link to this somewhere.
That really is a bit of a hack, but it might do.
Kake
On Thu, Feb 03, 2005 at 07:40:45PM +0000, Kake L Pugh wrote:
Put something like this in .htaccess in the same directory as the wiki.cgi:
That would be really cool to throw in the documentation on the dev wiki somewhere.
-- Earle
P.S. Hi from Venice! This town would be /perfect/ for a Guide.
On Thu 03 Feb 2005, Earle Martin openguides@downlode.org wrote:
That would be really cool to throw in the documentation on the dev wiki somewhere.
I pasted it here: http://openguides.org/dev/?node=FAQ
Kake
On Thu, 3 Feb 2005, Kake L Pugh wrote:
On Thu 03 Feb 2005, Jo Walsh jo@frot.org wrote:
briefly, i set up an OG for some collaborators; they're now threatening to switch to a different wiki, and make the existing one read-only, because the spam problem is so bad.
the time/energy i want to devote to fixing this, is minimal.
Put something like this in .htaccess in the same directory as the wiki.cgi:
<Limit POST> Order deny,allow Deny from all AuthType Basic AuthName "Username: " AuthUserFile /home/kake/.htpasswd-openguides require valid-user satisfy any </Limit>
All the edit forms are POST. I think there is a POST search form as well, but this really needs changing to GET - there's no reason for search results not to be linkable to, and a search doesn't change data. Um, hack that in your version pending a fix in the distro. I wouldn't normally recommend that, but you seem to be in dire straits, and it's a bugfix which will go in at some point.
They won't get the auth request until after they've submitted the edit form though. I think (but have not tested this) that you can get around this by making a little login.cgi that's protected by the same htpasswd file and adding a link to this somewhere.
i found with CGI:Wiki:Kwiki that this caused errors when it asked you to authenticate on an edit for the first time in that session it would lose the edit. Since the wiki was just for my own use i limited it by ip in apache. like this <Limit POST> Order deny,allow Deny from all Allow from xxx.xxx.xxx.xxx Allow from yyy.yyy.yyy.yyy </Limit>
since there are basically only two places i edit it from and if im not at those places i can login to them easily enuff. This is fine given a limted set of users.
http://randomness.org.uk/wiki/?node=WikiSpam and you will note that you cant make edits :)
On Thu, 3 Feb 2005, Jo Walsh wrote:
briefly, i set up an OG for some collaborators; they're now threatening to switch to a different wiki, and make the existing one read-only, because the spam problem is so bad.
since were talkign about wikispam mod_security might be an answer if you have enuff access to the setup. http://www.modsecurity.org/ bascially you can regexes have against posts(amongst othr things). admiitedly this then relies on building up a library of wikispams and regexes to catch them but i supsect a lot of rules in spamassasin could be transferable.
openguides-dev@lists.openguides.org