From: Zot O'C. <zo...@wh...> - 2004-01-17 00:55:25
On Fri, 2004-01-16 at 12:34, Robert Dodier wrote:
> Hello again,
>
> I have another question about security. Have there been any known
> attacks against PhpWiki wikis? Excluding vandalism of pages. Has
> it ever happened that someone successfully obtained a database
> password and (1) really messed up the wiki -- e.g., in such a way
> that it couldn't be reloaded from an archive, or

I have not heard of this.

> (2) got access to stuff other than the wiki content?
>

2 easy ways to prevent this:

1) Run this on a web site with a user and group that is different than
the norm. Have a wikiuser and wikigroup. Put apache in the wiki group.
Then use flatfiles (gdbm). The most that can happen is the files are
trashed/removed.

2) Do that anyway, but when creating the tables create them as wikidba
and grant permissions to wikiwebuser. Never use these users for
anything else. The most that can happen happens to the
wikiwebuser-accessible data.

All the rest of your tables are owned by non-owner web users, right?
If not, tell the concerned party to stop looking for trouble, you've
already found it!

> Sorry to ask so many questions -- I am trying to convince a
> skeptical third party that it's safe to run PhpWiki. Thanks for
> your help. I appreciate it very much.

Ask them what their worry is, then find it on their stuff.....

If they are non-technical, do not suffer the arguments very long, it is
not worth it. People who are paranoid are, well, paranoid.

-- 
Zot O'Connor
http://www.ZotConsulting.com
http://www.WhiteKnightHackers.com
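The owner/web-user split from option 2 above, written out as an added example that is not part of the original message or of PhpWiki. It assumes PostgreSQL and a superuser session; the schema name `wiki`, the table `demo_page` and both passwords are constructed placeholders.

```sql
-- Assumptions (not from the original message): PostgreSQL, run by a superuser
-- while connected to the database that will hold the wiki. The schema "wiki",
-- the table "demo_page" and both passwords are constructed placeholders.

-- Two single-purpose accounts, as the message describes.
CREATE ROLE wikidba     LOGIN PASSWORD 'CHANGE-ME-dba';  -- owns the tables; setup and upgrades only
CREATE ROLE wikiwebuser LOGIN PASSWORD 'CHANGE-ME-web';  -- the only account in the web server's config

-- Keep the wiki's objects in their own schema, owned by wikidba.
CREATE SCHEMA wiki AUTHORIZATION wikidba;

-- Create the tables as wikidba so that wikidba, not the web account, is the owner.
SET ROLE wikidba;
CREATE TABLE wiki.demo_page (      -- constructed stand-in; load the real wiki schema here
    id      integer PRIMARY KEY,
    name    text NOT NULL,
    content text
);

-- Row-level access only for the web account: no DROP, ALTER, TRUNCATE or CREATE.
GRANT USAGE ON SCHEMA wiki TO wikiwebuser;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA wiki TO wikiwebuser;
RESET ROLE;

-- Check 1: every table privilege granted directly to wikiwebuser.
-- A row outside schema "wiki" means a leaked web password reaches more than the wiki.
SELECT table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'wikiwebuser'
ORDER BY table_schema, table_name, privilege_type;

-- Check 2: wikiwebuser must own nothing; this should return zero rows.
SELECT schemaname, tablename
FROM pg_tables
WHERE tableowner = 'wikiwebuser';
```

Tables created after the `GRANT ... ON ALL TABLES` statement are not covered by it, so rerun the grant (or set default privileges) after a schema upgrade.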