Re: Bug#485562: twiki: configure script access badly protected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I was hoping to have time for this today, but it seems not to be.
I would suggest using 'TWiki Configure User & Password' and setting the
configure save pwd to the same thing. (and making the username for it
'admin')
That way it will not need to change for the 4.2.x package, where there
is an internal admin user, whose password is the same as the configure
save password, and will also be used to authenticate to get to the
configure script.
I might still hammer out a 4.2.0 package tomorrow, but no breath holding
please.
Sven
Justin B Rye wrote:
> Olivier Berger wrote:
>> *Should be "apache" in all three.*
>>
>> By "apache user", I mean something which relates to Require user in the
>> apache.conf section of the 'configure' script... of course, this assumes
>> that it's running apache and no other web server ;)
>>
>> In any case, that's meant to differenciate from "TWiki users", which are
>> managed "inside twiki".
>
> I'm still not quite convinced by the expression "apache user", but I
> can't decide what alternative I'd suggest.
>
> The trouble with "apache user" is that it might mean the local
> system's www-data, or maybe the owner of the computer, rather than
> a browser-user authenticated via mod_auth_basic...
>
> _Description: User allowed access to 'configure' script
> Please enter the name of the **** user who will be allowed
> to run the configure script at ${site}/cgi-bin/configure.
>
> _Description: Password for ${configuser}:
> Please enter the password of the **** user who will be allowed
> to run the configure script at ${site}/cgi-bin/configure.
>
> Where "****" is... "HTTP"? "authenticated"? "htpasswd"?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIZfClPAwzu0QrW+kRAqOdAKCxrPpAFp0LpvZW5esxx6t3uT3enACfcwrT
fWpvioHo5QOeWTn2qtvFz9s=
=RzJ1
-----END PGP SIGNATURE-----
Reply to: