Martin Drautzburg <martin.drautzburg at web.de> wrote:
> Russell Allen <russell.allen at firebirdmedia.com> writes:
> 
> > Maybe the problem is that it isn't in the image?  Make the swiki so it
> > can be only edited from within the image (ie Scamper).  You can still
> > browse it from outside, but to edit must be running Squeak.   This would
> > be a very simple change...
> > 
> > Just thoughts,
> 
> I like that idea.


After a little thought, I don't really like it.  The reason Swikis have
stayed pure so far is that they are obscure.  Now that people are on to
them, though, more layers of obscurity won't help very much.  We should
come up with a solution that is decent even when people know how we are
protecting them.

The solution will probably involve one of the following:

	1. A single password that is possibly updated every once in a while. 
This is annoying, it has troubles with distributing the password, and
it's probably not *real* effective, but it is a step forward.

	2. A password per contributor, plus machinery and beauracracy to deal
with who is allowed to post.  This sounds similar to the above, but note
that now we can detect who is making bad changes and we can kick them
off.  We have the extra cost, though, of needing an application process
for accounts that is good enough to prevent repeat attacks.

	3. The same as #2, but with public key encryption instead of passwords.
 This is more convenient for users, once we have a new client
implemented.  (This is where, IMHO, we should focus  any Squeak-based
efforts.  Try to make it authenticate using PGP keys....)



-Lex