[Catalyst-dev] Wiki authentication

Matt S Trout dbix-class at trout.me.uk
Fri Jun 9 17:19:44 CEST 2006


Kiki wrote:
> Hello,
> 
> In light of the recent defacement of the Catalyst Trac wiki and
> permanent wiki spamming, editing and creating new pages is permitted
> only if you are authenticated. In order to make it easier for people to
> contribute we could use this plugin:
> 
> http://trac-hacks.org/wiki/AccountManagerPlugin
> 
> which allows people to register new accounts. Currently the passwd file
> used for authentication used by both trac and svn, but this plugin would
> require the file to be moved into the Catalyst environment and made
> writable by the apache user.
> 
> The problem is that separating the files would make it harder to keep
> users and their passwords synchronized, while keeping the file shared
> COULD result in 1) too many accounts (I have no idea what preformance
> imapct this would have), 2) a corrupt passwd file (due to possible bugs
> in the plugin) which would disable svn access as well as trac edit
> access. As stated the risks are potential.
> 
> So, I'd like some opinions and/or alternative solutions to the whole
> creating users/restricting access issue.

Unless anybody has a better idea, I say back up the svnpasswd file regularly 
(maybe we could keep it in svn :) and don't worry about it.

-- 
      Matt S Trout       Offering custom development, consultancy and support
   Technical Director    contracts for Catalyst, DBIx::Class and BAST. Contact
Shadowcat Systems Ltd.  mst (at) shadowcatsystems.co.uk for more information

+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +



More information about the Catalyst-dev mailing list