Item10415: Document requrements if guests can edit

git-svn-id: http://svn.foswiki.org/branches/Release01x01@11213 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Mar 25, 2011 · 1f1567d · 1f1567d
1 parent d02ff40
commit 1f1567d
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/core/data/System/UserAuthentication.txt b/core/data/System/UserAuthentication.txt
@@ -212,9 +212,9 @@ If the ={PasswordManager}= does not support password changing, ChangeEmailAddres
 
 #IndividualScripts
 ---++ Controlling access to individual scripts
-You may want to add or remove scripts from the list of scripts that require authentication. The method for doing this is different for each of Template Login and Apache Login.
+You may want to add or remove scripts from the list of scripts that require authentication. The method for doing this is different for each of Template Login and Apache Login.  %T% Any scripts listed as requiring authentication will not be usable by the Guest user.  If you require that %USERSWEB%.WikiGuest be allowed to edit topics on your site, =edit= and =save= must be removed from the list of scripts requiring authentication.
    * For Template Login, update the ={AuthScripts}= list using [[%SCRIPTURLPATH{"configure"}%#Login$SecurityAndAuthentication][configure]]
-   * For Apache Login, add/remove the script from =.htaccess=
+   * For Apache Login, add/remove the script from =.htaccess=, or from the !FilesMatch line in the Apache configuration.
 #HowTo
 ---++ How to choose an authentication method
 

diff --git a/core/lib/Foswiki.spec b/core/lib/Foswiki.spec
@@ -328,7 +328,9 @@ $Foswiki::cfg{LoginManager} = 'Foswiki::LoginManager::TemplateLogin';
 # authenticate. This setting is used with TemplateLogin; any time an
 # unauthenticated user attempts to access one of these scripts, they will be
 # required to authenticate. With ApacheLogin, the web server must be configured
-# to require a valid user for access to these scripts.
+# to require a valid user for access to these scripts.  <code>edit</code> and
+# <code>save</code> should be removed from this list if the guest user is permitted to
+# edit topics without authentication.
 $Foswiki::cfg{AuthScripts} = 'attach,edit,manage,rename,save,upload,viewauth,rdiffauth,rest';
 
 # **BOOLEAN EXPERT**