Access control for friends and wizards
Access to the content of a base is controlled through several mechanisms:
- A server level access control limiting access to a list of persons, verified by a password;
- A base level access control limiting access to a list of persons, verified by a password.
These two mechanisms restrict the possible visitors to a base to a known list. See Access for details.
- A generic or specific password mechanism giving some visitors the status of:
  - Wizard: having total read and write access to the base content;
  - Friend: having total read access to the content of the base;
  - Visitors: (default status) having limited access to the content of the base (persons older than some value, as defined by private_years in the configuration file basename.gwf. Default is 150 years).
  - Visitors also have access to persons tagged as "public", as defined in Update a person.
Generic access
Generic access is directly defined in the configuration file basename.gwf:
friend_passwd=
wizard_passwd=
Two syntaxes are possible for the value of this parameter:
- username:password: in this case all users share the same username/password pair;
- password: in this case, username is optional and left to the choice of the user.
  - note that username is displayed on some GeneWeb pages such as the welcome.txt page.
For instance, the grimaldi.gwf configuration file of the GeneWeb test base (accessed as Demo on this wiki left sidebar) contains:
friend_passwd=grimaldi:friend
wizard_passwd=grimaldi:wizard
Depending on the template, user authentication is achieved through direct entry of username:password in the appropriate input line, or through clicking on a "friend" or "wizard" button, in which case the browser will pop up a small window with two entry lines for the username and the password. In this case, the : is simply ignored.
Note that the access control pop-up window of GeneWeb may offer in some contexts a single capture field rather than two. In this case, one should enter the full username:password sequence (or password if there is no username).
Specific access
Specific access control is achieved by defining files containing username:password pairs (usually with extension .auth). The names of those files are directly defined in the configuration file basename.gwf and should reside in the bases folder. There can be several files for several bases:
friend_passwd_file=
wizard_passwd_file=
The syntax of those files is as follows:
username:password
username:password:comment
username:password:full name:comment
username:password:first-name /last-name:comment
The full name appears in the wizard page, alphabetically sorted.
The / helps define the sorting position in the case of compound names.
For instance: louis:xyz:Louis de /Broglie will be sorted at letter B and appear as Broglie (Louis de).
When both specific access and generic access are specified in the configuration file basename.gwf, the specific access mechanism takes precedence.
Transmitting user/pass in the url
It is possible to send to the server the username/password pair within the request:
http://host:2317/Basename?request&w=username:password
In this example, request can be any legitimate GeneWeb request.
The only drawback of this method is that the password is transmitted to the server in the clear!!
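A URL carrying w=username:password is also recorded wherever the web server logs URLs (request line and Referer). The following added example, which is not part of GeneWeb or of the original page, redacts such passwords from access-log lines and counts, per username, the passwords that need rotating. The log lines are constructed, the function names are hypothetical, and a w= value without ":" is assumed to be the password-only form.

```python
import re
from urllib.parse import quote, unquote

# The w= parameter of a request, wherever a URL appears in the line
# (request line or Referer). Tolerating ';' as a separator is an assumption.
_W_PARAM = re.compile(r'(?<=[?&;])w=([^&;\s"#]*)')

def split_credential(raw):
    """Split a w= value into (username, password); username may be empty."""
    value = unquote(raw)  # a logged URL may carry ':' as %3A
    user, sep, password = value.partition(":")
    return (user, password) if sep else ("", value)

def scrub_line(line):
    """Return (redacted_line, usernames_exposed) for one log line."""
    exposed = []
    def _redact(match):
        user, password = split_credential(match.group(1))
        if not password:  # "w=" or "w=name:" carries no secret
            return match.group(0)
        exposed.append(user or "(no username)")
        prefix = quote(user, safe="") + ":" if user else ""
        return "w=" + prefix + "REDACTED"
    return _W_PARAM.sub(_redact, line), exposed

def scrub_log(lines):
    """Redact all lines; return (clean_lines, {username: hit_count})."""
    clean, hits = [], {}
    for line in lines:
        redacted, users = scrub_line(line)
        clean.append(redacted)
        for user in users:
            hits[user] = hits.get(user, 0) + 1
    return clean, hits

# Constructed sample in Apache combined format, using the page's demo values.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /grimaldi?request&w=grimaldi:wizard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /grimaldi?w=friend&request HTTP/1.1" 200 4096 "http://host:2317/grimaldi?w=grimaldi%3Afriend" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /grimaldi?request HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    clean, hits = scrub_log(SAMPLE_LOG)
    print("\n".join(clean))
    print("passwords to rotate, by username:", hits)
```

Redaction only cleans the stored log; any password that appears in the hit count has already been exposed and should be changed in basename.gwf or the .auth file.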
Access control in CGI mode
When in CGI mode, the access controls described above are operational, and are redundant with other authentication methods proposed by the web server such as .htaccess files with Apache.
As .htaccess allows access control through a list of username/password entries, visitors without a password already don’t have access to databases. In GeneWeb, it is better to set friend_passwd= to null to avoid a second authentication for friends while maintaining a password (or passwords file) for wizards who will need to get authenticated a second time.