changeset 4698:78e501f956b1

clarify CHANGES about secrets configuration changes
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 18 Apr 2009 00:44:40 +0200
parents 58b18877d6ac
children 34f0fe3ff120
files docs/CHANGES wiki/config/more_samples/jabber_wikiconfig_snippet wiki/config/more_samples/mail_wikiconfig_snippet
diffstat 3 files changed, 28 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/docs/CHANGES	Mon Apr 13 14:10:48 2009 +0200
+++ b/docs/CHANGES	Sat Apr 18 00:44:40 2009 +0200
@@ -16,6 +16,17 @@
     editor_force = True
     editor_default = 'text'  # internal default, just for completeness
 
+Version 1.8.current:
+  Bug fixes:
+    * Fixed docs bug: see HINT about secrets configuration at version 1.8.0
+      (1.8.0 Other changes).
+
+  New features:
+    * ...
+
+  Other changes:
+    * ...
+
 Version 1.8.2:
   Bug fixes:
     * Fix AttachFile and antispam XSS issues.
@@ -179,6 +190,21 @@
       parameter is no longer supported.
 
   Other Changes: =============================================================
+    * HINT: new configuration for misc. secrets, please use either:
+          secrets = "MySecretLooongString!" # one secret for everything
+      or:
+          secrets = {
+              'xmlrpc/ProcessMail': 'yourmailsecret', # for mailimport
+              'xmlrpc/RemoteScript': 'yourremotescriptsecret',
+              'action/cache': 'yourcachesecret', # unguessable cache keys
+              'wikiutil/tickets': 'yourticketsecret', # edit tickets
+              'jabberbot': 'yourjabberbotsecret', # jabberbot communication
+          }
+      Secret strings must be at least 10 chars long.
+      Note: mail_import_secret setting is gone, use
+            secrets["xmlrpc/ProcessMail"] instead of it.
+      Note: jabberbot secret setting is gone, use
+            secrets["jabberbot"] instead of it.
     * HINT: user_autocreate setting was removed from wiki configuration and
       replaced by a autocreate=<boolean> parameter of the auth objects that
       support user profile auto creation.
--- a/wiki/config/more_samples/jabber_wikiconfig_snippet	Mon Apr 13 14:10:48 2009 +0200
+++ b/wiki/config/more_samples/jabber_wikiconfig_snippet	Sat Apr 18 00:44:40 2009 +0200
@@ -8,5 +8,5 @@
     # A secret shared with notification bot, must be the same in both configs
     # (the wiki config and the notification bot config) for communication to work.
     # CHANGE IT TO A LONG RANDOM STRING, OR YOU WILL HAVE A SECURITY ISSUE!
-    secret = u""
+    secrets = u""  # alternatively, use secrets["jabberbot"]
 
--- a/wiki/config/more_samples/mail_wikiconfig_snippet	Mon Apr 13 14:10:48 2009 +0200
+++ b/wiki/config/more_samples/mail_wikiconfig_snippet	Sat Apr 18 00:44:40 2009 +0200
@@ -24,11 +24,11 @@
     # within moin, you need some script called by your MDA (e.g. procmail)
     # to DO the xmlrpc calls for each mail arriving for your wiki!
     #actions_excluded = [] # it won't work if 'xmlrpc' is excluded!
-    #mail_import_secret = "foo" # a shared secret also known to the mail importer xmlrpc script
     #mail_import_subpage_template = u"$from-$date-$subject" # used for mail import
     #mail_import_pagename_search = ['subject', 'to', ] # where to look for target pagename (and in which order)
     #mail_import_pagename_envelope = u"%s" # use u"+ %s/" to add "+ " and "/" automatically
     #mail_import_pagename_regex = r'\[\[([^\]]*)\]\]' # how to find/extract the pagename from the subject
     #mail_import_wiki_addrs = [] # the e-mail addresses for e-mails that should go into the wiki
+    #secrets = ""  # or secrets["xmlrpc/ProcessMail"] - a shared secret also known to the mail importer xmlrpc script