[Moin-user] Access Control List Clarification Needed
Thomas Waldmann
tw at waldmann-edv.de
Thu Jul 31 03:23:03 EDT 2003
> My understanding is the ACL code in CVS and the current nightly
> tarballs is not yet usable, but waiting for the name/password login
> code. Correct?
Not quite.
Well, if you need a *password login screen*, you will have to wait until
it's there (or use one of the patches on sourceforge and apply yourself).
But if some users on your system have an account and you can live with
cookie based "authentication", you already can use ACLs right now.
In earlier days, you could create multiple accounts for the same
username, but in recent cvs code this isn't possible any more. So a user
can't get access to protected pages by just changing his username to
someone else's.
But be careful: already existing "duplicate" accounts might be further
used, so maybe clean up there before using ACLs.
Of course you also can use ACLs to differentiate between Known: and All:
- these doesn't depend on authentication anyway. "Trusted:" will come
after an auth system is in place.
Thomas
More information about the Moin-user
mailing list