Recent Changes - Search:

SecurityVariables

$AllowPassword
This variable contains the special "nopass" password which was used in the past to leave pages or groups accessible without a password. Recent PmWiki versions use "@nopass" instead. If your wiki is old and/or may contain pages with the "nopass" password, you should not change it. If that variable is empty or set to false, PmWiki will not check if pages have a special "allowed password".
$DefaultPasswords
Specifies default passwords for user admin or actions (edit, read, upload). See PasswordsAdmin#settingsitewidepasswords.
$EnablePostAttrClearSession
A switch to control whether or not changing a page's attributes causes any existing passwords to be forgotten. The default is that changing attributes forgets any passwords entered; this can be changed by setting $EnablePostAttrClearSession to zero.
$EnableSessionPasswords
Control whether passwords are saved as part of the session. If set to zero, then session passwords are never saved (although any AuthUser authentications are still remembered).
$EnableCookieSecure
Set to 1 to enable the "Secure" flag for core PmWiki cookies (will only be transmitted via HTTPS). This includes author, preference, and cache core cookies and any custom cookies set via pmsetcookie().
Note: for the session cookie, you need to also add this line: @ini_set('session.cookie_secure', true);
Add these lines near the beginning of config.php.
$EnableCookieHTTPOnly
Set to 1 to enable the "HttpOnly" flag for core PmWiki cookies (will not be made available to JavaScript). This includes author, preference, and cache core cookies and any custom cookies set via pmsetcookie().
Note: for the session cookie, you need to also add this line: @ini_set('session.cookie_httponly', true);
Add these lines near the beginning of config.php.
$SessionEncode
Function to use to encode sensitive information in sessions. Set this to NULL if you want to not use any encoding. (See also $SessionDecode below.)
$SessionDecode
Function to reverse the decoding given by $SessionEncode above. Set this to NULL if sensitive session values are not encoded.
$HandleAuth
This sets the required authentication Level that is necessary to perform an action. When using the following example in your config.php you need to be authenticated as editor in order to view the page history:
        $HandleAuth['diff'] = 'edit';
$PageAttributes
Set the string shown on the attributes page when entering a password for an action.
$AuthLDAPBindDN
For sites using AuthUser with LDAP authentication, this specifies the distinguished name (DN) to be used to bind to the LDAP server to check identity.
$AuthLDAPBindPassword
For AuthUser with LDAP authentication, this specifies the password used for binding (in conjunction with $AuthLDAPBindDN above).
$AuthLDAPReferrals
Specifies whether to automatically follow referrals returned by the LDAP server, set 1 to enable or 0 to disable. By default this variable is unset, and the connection follows referrals if they are enabled on the server side (they usually are).
$EnablePublishAttr
Adds a new "publish" authorization level to distinguish editing of drafts from publishing - See $EnableDrafts.
$EnablePageVarAuth
In PmWiki versions 2.2.22 and 2.2.23 this variable should be set to 0. In 2.2.24 it will no longer be used.

See also:


This page may have a more recent version on pmwiki.org: PmWiki:SecurityVariables, and a talk page: PmWiki:SecurityVariables-Talk.

Edit - History - Print - Recent Changes - Search
Page last modified on June 30, 2018, at 08:51 AM