[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#485562: twiki: configure script access badly protected

Hash: SHA1

I was hoping to have time for this today, but it seems not to be.

I would suggest using 'TWiki Configure User & Password' and setting the
configure save pwd to the same thing. (and making the username for it

That way it will not need to change for the 4.2.x package, where there
is an internal admin user, whose password is the same as the configure
save password, and will also be used to authenticate to get to the
configure script.

I might still hammer out a 4.2.0 package tomorrow, but no breath holding


Justin B Rye wrote:
> Olivier Berger wrote:
>> *Should be "apache" in all three.*
>> By "apache user", I mean something which relates to Require user in the
>> apache.conf section of the 'configure' script... of course, this assumes
>> that it's running apache and no other web server ;)
>> In any case, that's meant to differenciate from "TWiki users", which are
>> managed "inside twiki".
> I'm still not quite convinced by the expression "apache user", but I
> can't decide what alternative I'd suggest.
> The trouble with "apache user" is that it might mean the local
> system's www-data, or maybe the owner of the computer, rather than
> a browser-user authenticated via mod_auth_basic...
>  _Description: User allowed access to 'configure' script
>   Please enter the name of the **** user who will be allowed
>   to run the configure script at ${site}/cgi-bin/configure.
>  _Description: Password for ${configuser}:
>   Please enter the password of the **** user who will be allowed
>   to run the configure script at ${site}/cgi-bin/configure.
> Where "****" is... "HTTP"?  "authenticated"?  "htpasswd"?

Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Reply to: