Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Wiki Security Risk

On 1/31/2014 5:20 PM, David Kramer wrote:
> On 01/31/2014 01:56 PM, Jeffrey Young wrote:
>> I want to implement a Media Wiki at work, but my boss is worried about
>> security risks.  To me it seems simple, if it's not exposed to the world,
>> what's the problem?  Am I missing something?
>> Thanks,
>> Jeff
>> _______________________________________________
>> Discuss mailing list
>> Discuss at
> if "it's not exposed to the world" is known to be a true statement, then
> what is he concerned about?
> I will say that MediaWiki *is* very hard to lock down  if that statement
> is not known to be true.  Most wikis fall into one of two camps:
> "Information wants to be free and that's what wikis are for so why would
> you want to lock it down?" and "Today's internet is a scary place and
> even wikis need access control".  There's not much in the middle.
> I LOVE Foswiki for many reasons, but very high on the list is that it
> has full user/group authorizations at the system level, the wiki  level,
> and at the page level.


Mediawiki's documentation specifically warns against trying to implement 
access controls. The software is used at Wikipedia, and so is geared 
toward an "everybody can write" model, albeit with retroactive oversight.

I'm not familiar with Foswiki, but your point is well taken: the idea of 
a wiki is that many hands make short work, and trying to limit access is 
a contradiction in terms.


Bill Horne
William Warren Consulting

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /