[dokuwiki] Re: trustExternal, existing cookies
- From: Bob McConnell <rmcconne@xxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Wed, 26 Sep 2007 01:16:32 -0400
Brett Fountain wrote:
Hello ~
I want to DokuWiki to use external cookie authentication: considering
someone "authenticated" if they have certain cookies (name, email,
groups) already set when they come to the wiki. If they don't yet have
those cookies set, I want the wiki to bump them to a URL where they'll
be authenticated. Seems easy enough, eh?
I don't want to manage wiki users, I don't want to create/delete users
(or have the wiki doing it), I don't want there to be any usernames or
passwords to deal with -- nothing. If a user comes to the wiki with a
cookie that says they're in the editors group, then fine, they are.
DokuWiki lets them have those editing permissions, and stamps their
name/email on whatever they edit, again, based on what their cookie said
for their name/email.
Hi Brett,
You might wish to reconsider this. Most browsers can be configured so
they will only return cookies to the server that set them. So your wiki
will never see those authentication cookies from the other server. This
is a natural form of protection developed to protect from scripts that
invoke hidden cross site links in order to plant a virus on your computer.
Bob McConnell
N2SPP
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
Other related posts:
