Pm Wiki has built-in support for password-protecting various areas of the wiki site. Authors generally want to be able to apply passwords to individual pages or to WikiGroups. Wiki Administrators can apply passwords to individual pages, to WikiGroups, or to the entire wiki site. As with any access control system, the password protection mechanisms described here are only a small part of overall system and wiki security. PmWiki.Security will contain a more thorough discussion of possible issues.
As an author editing pages...
You will generally use 3 types of passwords:
Note that if an
To set a password on an individual wiki page, add
To set a password on a wiki group is slightly more difficult--you just set the passwords on a special page in each group called "Group Attributes". You can get to the attributes page for GroupAttributes by entering a URL (address) like
As an administrator ...
You can set passwords on pages and groups exactly as described above for authors. You can also:
For more information on password options available to administrators, see Pm Wiki.Passwords Admin.
Which password wins?
In Pm Wiki, page passwords override group passwords, group passwords override the default passwords, and the
Security holes ...
Administrators need to carefully plan where passwords are applied to avoid opening inadvertent security holes. If your wiki is open (anyone can read and edit), this would not seem to be a concern, except, a malicious or confused user could apply a read password to a group and make the group completely unavailable to all other users. At the very least, even an open wiki should have a site-wide "admin" password and a site-wide "attr" password set in config.php. The sample-config.php file distributed with Pm Wiki indicates that the Pm Wiki and Main groups have "attr" locked by default, but if anyone creates a new group, "attr" is unlocked. Administrators must remember to set "attr" passwords for each new group (if desired) in this case. An easier solution is to include these lines in config.php :
This sets your "admin" and "attr" passwords and ensures that any new group will have this "attr" password automatically applied to it.
Protecting all the pages in a group except one
To protect all of the pages in a group from editing, enter a URL (address) like