Being laid up with the flu, I couldn't sleep last night and my brain was aflame. So, I did a bit of hacking, and here's the result:
http://un.earth.li/~earle/cgi-bin/wiki.cgi
Note the link at the bottom right. Try creating some test nodes and deleting them! (If you could not delete "Example Node" I'd be grateful. The password is "test".)
The way this works is that it checks the password you enter against a value in wiki.conf[0]. Not very subtle. However, this exposes a security issue, that I believe Ivor first picked up on - by default, wiki.conf is in the same directory as wiki.cgi, which means that anybody who knows that can just look and see all the configuration settings, including the password.
So, what's needed is for wiki.conf to be somewhere that's not world-readable. I was thinking maybe at configure time you'd be asked for a location for wiki.conf to be stored in, and that value could be stored in a file next to wiki.cgi for it to read.
Comments?
[0] I'll need to modify the config script to ask you for a password next.
On Thu 11 Dec 2003, Earle Martin <openguides@downlode.org> wrote:
> http://un.earth.li/~earle/cgi-bin/wiki.cgi
> Note the link at the bottom right. Try creating some test nodes and deleting them! (If you could not delete "Example Node" I'd be grateful. The password is "test".)
It doesn't seem to work for me (Camino on OS X). When I click on "Delete page" it does move to a URL like http://un.earth.li/~earle/cgi-bin/wiki.cgi?id=Testing%20Make%20Me%20Feel%20G...
but nothing seems to actually happen - I just get the node redisplayed.
> So, what's needed is for wiki.conf to be somewhere that's not world-readable. I was thinking maybe at configure time you'd be asked for a location for wiki.conf to be stored in, and that value could be stored in a file next to wiki.cgi for it to read.
Either that or munge the script on installation to insert the config file location there. It would be very nice to do this for library paths too.
Kake
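The pointer-file arrangement proposed above, sketched as an added example; it is not part of the thread and not OpenGuides code. The pointer file name `wiki.conf.location`, the `locate_config` helper and the sample config line are assumptions made for illustration. The check refuses a config that still sits in the CGI directory or that other users can read:

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical name for the one-line pointer file kept next to wiki.cgi.
my $POINTER = 'wiki.conf.location';

# Resolve the config path named in the pointer file; die if the config would
# still be exposed (inside the CGI directory, or accessible to "other").
sub locate_config {
    my ($cgi_dir) = @_;
    open my $fh, '<', File::Spec->catfile($cgi_dir, $POINTER)
        or die "cannot read pointer file: $!\n";
    my $path = <$fh>;
    close $fh;
    die "pointer file is empty\n" unless defined $path;
    $path =~ s/^\s+|\s+$//g;    # strip newline and stray whitespace
    die "config path must be absolute\n"
        unless File::Spec->file_name_is_absolute($path);
    my $real = abs_path($path)    or die "config $path not found\n";
    my $root = abs_path($cgi_dir) or die "bad CGI directory $cgi_dir\n";
    die "config is inside the web-served directory\n"
        if index("$real/", "$root/") == 0;    # symlinks already resolved
    my @st = stat $real or die "cannot stat $real: $!\n";
    die sprintf("config is world-accessible (mode %04o)\n", $st[2] & 07777)
        if $st[2] & 0007;
    return $real;
}

# Constructed demo: a throwaway tree standing in for a real install.
my $base = tempdir(CLEANUP => 1);
my ($cgi, $priv) = map { File::Spec->catdir($base, $_) } qw(cgi-bin private);
mkdir $_ or die "mkdir $_: $!\n" for $cgi, $priv;
for my $conf (File::Spec->catfile($cgi,  'wiki.conf'),
              File::Spec->catfile($priv, 'wiki.conf')) {
    open my $c, '>', $conf or die "write $conf: $!\n";
    print {$c} "password = test\n";    # constructed sample setting
    close $c;
    chmod 0600, $conf;
    open my $p, '>', File::Spec->catfile($cgi, $POINTER) or die "pointer: $!\n";
    print {$p} "$conf\n";
    close $p;
    my $found = eval { locate_config($cgi) };
    print defined $found ? "OK: $found\n" : "REFUSED: $@";
}
```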
On Fri, Dec 12, 2003 at 09:57:03PM +0000, Kate L Pugh wrote:
> It doesn't seem to work for me (Camino on OS X).
That is because I am a spasmaloid and left something unfinished. Please try again now?
On Sat 13 Dec 2003, Earle Martin <openguides@downlode.org> wrote:
> That is because I am a spasmaloid and left something unfinished. Please try again now?
Seems to work! (Except after I enter a password, correct or incorrect, the resulting page has two navbars instead of one.)
Deleting nodes is scary though.
How about I release 0.30 with the new template changes and the example stylesheets (will try to do it at lunchtime but otherwise it might not happen till tomorrow since I'm out tonight) and then we try adding the deletion mechanism to London and take frequent backups until we're sure nothing's going to screw up.
Sound like a plan?
Kake
Sorry, this one got buried in my inbox.
On Mon, Dec 15, 2003 at 09:42:47AM +0000, Kate L Pugh wrote:
> Seems to work! (Except after I enter a password, correct or incorrect, the resulting page has two navbars instead of one.)
Hmm, so you do. Fixed now.
> Deleting nodes is scary though.
The Power of Admin. :)
> How about I release 0.30 with the new template changes and the example stylesheets...
Sounds good.
> then we try adding the deletion mechanism to London and take frequent backups until we're sure nothing's going to screw up.
OK, let's go for it. Any thoughts on the config file issue? I know permissions on London don't currently let you view wiki.conf, but I'd like to get the mechanism sorted out for 0.31, as I think it's an important feature.
openguides-dev@lists.openguides.org