[Smaug] CMS strengths/weaknesses

Anthony Ettinger apwebdesign at yahoo.com
Fri Nov 11 08:17:36 PST 2005

> My own preference is to leave login enabled and
> required.  Again,
> personal opinion, but:  Given that people can use
> (e.g.) their given
> names for login and password, that "it's too much
> bother to login"
> objection seems a bit weak.  It strikes me as
> meaning "wasn't going to
> use the system, anyway".

I can only speak for myself, but that's the main
reason I don't use phpnuke sites. Why do I need yet
another account, to do something a wiki will do

It would be cool if the mailing list form could also
post the user/pass to the CMS and create the account
automatically. Single signon is a big plus, in my
opinion. But again, that's just me, I'm sure you have
a different opinion.
> The aim of authentication for wikis isn't really
> security, exactly; more
> like basic accountability.  

Correct. Do we have to have a secure login? What are
we protecting?

> I wouldn't even bother with Captcha (and related
> accessibility hurdles)
> unless/until there's a bot problem.

It will happen if you use an off-the-shelf package.
Something popular. A roll-your-own solution is less
apt to have a bot written, since it wouldn't be widely used.

Anthony Ettinger
ph: (408) 656-2473
web: http://www.apwebdesign.com

More information about the Smaug mailing list