Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Wiki Security Risk



Have you heard of TWiki? Foswiki is a fork of TWiki. As I understand it,
the forking was in response to a dispute among TWiki developers over
licensing issues.


On Fri, Jan 31, 2014 at 6:52 PM, Bill Horne <bill at horne.net> wrote:

> On 1/31/2014 5:20 PM, David Kramer wrote:
>
>>
>> On 01/31/2014 01:56 PM, Jeffrey Young wrote:
>>
>>> I want to implement a Media Wiki at work, but my boss is worried about
>>> security risks.  To me it seems simple, if it's not exposed to the world,
>>> what's the problem?  Am I missing something?
>>>
>>> Thanks,
>>> Jeff
>>> _______________________________________________
>>> Discuss mailing list
>>> Discuss at blu.org
>>> http://lists.blu.org/mailman/listinfo/discuss
>>>
>> if "it's not exposed to the world" is known to be a true statement, then
>> what is he concerned about?
>>
>> I will say that MediaWiki *is* very hard to lock down  if that statement
>> is not known to be true.  Most wikis fall into one of two camps:
>> "Information wants to be free and that's what wikis are for so why would
>> you want to lock it down?" and "Today's internet is a scary place and
>> even wikis need access control".  There's not much in the middle.
>>
>> I LOVE Foswiki for many reasons, but very high on the list is that it
>> has full user/group authorizations at the system level, the wiki  level,
>> and at the page level.
>>
>
> +1
>
> Mediawiki's documentation specifically warns against trying to implement
> access controls. The software is used at Wikipedia, and so is geared toward
> an "everybody can write" model, albeit with retroactive oversight.
>
> I'm not familiar with Foswiki, but your point is well taken: the idea of a
> wiki is that many hands make short work, and trying to limit access is a
> contradiction in terms.
>
> Bill
>
> --
> Bill Horne
> William Warren Consulting
> http://www.william-warren.com/
> 339-364-8487
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email: abreauj at gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org