Tags:
create new tag
, view all tags

Question

Yes, documentation says topics protected by ALLOWTOPICVIEW can still be found via web search. But I have a user who would be satisfied with protection from casual inquiries.

We cannot get this to work at all.

We find that if a topic's preferences include a list of ALLOWTOPICVIEW users, and also a list of ALLOWTOPICCHANGE users, then when ANY user including TWikiAdministrator tries to view the topic, s/he gets "No permission to read XxxxXxxx - perhaps you need to log in?"

However ALLOWTOPICCHANGE users can indeed edit the topic.

The file permissions are such that apache user has permission to read the topic data files.

Environment

TWiki version: TWikiRelease04Sep2004
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Scientific Linux 3.04, kernel 2.4.21-47
Web server: Apache 2.0.46-56
Perl version: 5.8.0-90
Client OS: Red Hat 9, kernel 2.4.20-31
Web Browser: Mozilla 1.4
Categories: Permissions, Authentication, Security, Documentation

-- ElisabethAtems - 15 Aug 2006

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

Do you use session tracking for your users? If not, any user is a TWikiGuest when you look at a topic. With the Sep 2004 release you have several options on authentication and session tracking, see TWikiUserAuthentication#Authentication_Options

-- PeterThoeny - 16 Aug 2006

I'm experiencing the exact same problem since updating to TWiki 4.0.5 (from "September 2004"). We haven't changed our configuration, but now users trying to view a protected page are not prompted for username and password.

I reviewed all configuration, specifically that Files "viewauth" is set to be password protected in .htaccess, and that the script viewauth exists and is a copy of view. Edit works fine.

When I manually type a URL replacing "view" with "viewauth", then I'm prompted for password and can login as usual. I'm therefore assuming that the URLs to view-protected pages don't get redirected through viewauth. I'm not sure what the reason for that could be.

Thank you for your help!

-- KatjaHofmann - 30 Oct 2006

Make sure the logon script is also protected.

-- CrawfordCurrie - 28 Nov 2006

Change status to:
Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2006-12-23 - SteveStark
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.