[Discuss] Wiki Security Risk

[bill at horne.net (Bill Horne)]

On 1/31/2014 5:20 PM, David Kramer wrote:
>
> On 01/31/2014 01:56 PM, Jeffrey Young wrote:
>> I want to implement a Media Wiki at work, but my boss is worried about
>> security risks.  To me it seems simple, if it's not exposed to the world,
>> what's the problem?  Am I missing something?
>>
>> Thanks,
>> Jeff
>> _______________________________________________
>> Discuss mailing list
>> Discuss at blu.org
>> http://lists.blu.org/mailman/listinfo/discuss
> if "it's not exposed to the world" is known to be a true statement, then
> what is he concerned about?
>
> I will say that MediaWiki *is* very hard to lock down  if that statement
> is not known to be true.  Most wikis fall into one of two camps:
> "Information wants to be free and that's what wikis are for so why would
> you want to lock it down?" and "Today's internet is a scary place and
> even wikis need access control".  There's not much in the middle.
>
> I LOVE Foswiki for many reasons, but very high on the list is that it
> has full user/group authorizations at the system level, the wiki  level,
> and at the page level.

+1

Mediawiki's documentation specifically warns against trying to implement 
access controls. The software is used at Wikipedia, and so is geared 
toward an "everybody can write" model, albeit with retroactive oversight.

I'm not familiar with Foswiki, but your point is well taken: the idea of 
a wiki is that many hands make short work, and trying to limit access is 
a contradiction in terms.

Bill

-- 
Bill Horne
William Warren Consulting
http://www.william-warren.com/
339-364-8487