"Steve" wrote:
2) I have a wiki and in this wiki some of the pages
can be viewed without
login
in and the rest you need to be logged in. Now say that I want to have a
link
from my other website into my wiki's password protected section. Is there
a way
that I could authenticate myself without using the wiki's login
page, -say
maybe pass the credentials in the header? Any other suggestions?
Steve
If they are being available from outside, you should de-protect it. You can
always
keep secret the url to that un-protected page.
There're ways you could chwck it, like using auth in url or checking the
referer, but
they're all vulnerable, so you should decide: make it secret or not.
Alternatively, you
could make the other website secret too and sharing the credentials.