[Phpwiki-talk] PhpWiki Security

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

The machine that runs wikilens.org was hacked through an old unpatched 
instance of PhpBB2.

This delayed our release of MoonBadger, which by the way Reini, has a 
few primitive auto-complete textboxes, though not through the cool 
server-side XML-RPC. We'd love that, although it would require PhpWiki 
responding quickly. I don't know performance now, but our pages are 
around 1s, pretty slow for autocomplete, although page render is 
probably more work than returning a few autocomplete results.

Aside from that, it made me wonder about the security of PhpWiki. If I 
get hacked again, our systems support will frown at me even more, and we 
have several PhpWikis running, some externally visible (like wikilens). 
Are there known exploits in 1.3.7 or 1.3.9? Has somebody thought about 
security? Is there a writeup somewhere I can read?

Thanks in advance.

Dan