Difference: TWikiUserAuthentication (25 vs. 26)

Revision 262013-11-29 - Main.PimVanNierop

Line: 1 to 1

TWiki User Authentication

Line: 213 to 213
 Most TWiki sites don't use SSL, so, as is the case with most sites that don't use SSL, there is always a possibility that a password could be picked out of the aether. Browsers do not encrypt passwords sent over non-SSL links, so using Apache Login is no more secure than Template Login.

Of the two shipped login managers, Apache Login is probably the most useful. It lets you do this sort of thing:

wget --http-user=RogerRabbit --http-password=i'mnottelling http://www.example.com/bin/save/Sandbox/StuffAUTOINC0?text=hohoho,%20this%20is%20interesting
wget --http-user=RogerRabbit --http-password=i'mnottelling http://www.example.com/bin/save/Trash/Trash/Sandbox/StuffAUTOINC0?text=hohoho,%20this%20is%20interesting
 i.e. pass in a user and password to a request from the command-line. However it doesn't let you log out.

Template Login degrades to url re-writing when you use a client like dillo that does not support cookies. However, you can log out and back in as a different user.

This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiUserAuthentication