[Discuss] Wiki Security Risk
Greg Rundlett (freephile)
greg at freephile.com
Thu Feb 6 23:35:36 EST 2014
MediaWiki software is very secure (from hackers, or general software
vulnerabilities) when properly setup, configured and maintained. See
http://www.mediawiki.org/wiki/Manual:Security for more info on how to
setup/secure LAMP and MediaWiki
There were only 5 vulnerability reports in 2013 against MediaWiki - with
details (severity, scope, type) here:
http://secunia.com/advisories/product/2546/?task=statistics_2013
MediaWiki software is not designed to manage fine-grained access control
over contents. Therefore it would make a horrible customer account
reporting system for a bank. If you want a MediaWiki with content-specific
authorization controls, read about how you'll be fighting the system
internals here:
http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions
Quick tip: if you want to setup a public (or private) MediaWiki while
preventing spammers or non-authorized users from logging in and _creating_
content, then use the OpenID extension (
http://www.mediawiki.org/wiki/Extension:OpenID)
Greg
Greg Rundlett
http://eQuality-Tech.com
http://freephile.org
More information about the Discuss
mailing list