From: Reini U. <ru...@x-...> - 2005-01-17 19:08:54
Charles Corrigan wrote:
> Here is a draft security HOW-TO. Please comment. There are some
> outstanding questions (particularly about whether it is necessary to lock
> group pages) and there is a bug in SetAcl (regarding removing groups from
> an Acl) that I want to look into before completing this document.
>
> Eventually, with cleanup, it could become a WikiPage in its own right.

> ; Store group information in wiki pages
> ; there's no need to develop a complex front end for a database.
> GROUP_METHOD = WIKIPAGE

Note that GROUP_METHOD = WIKIPAGE is by far the slowest and uses the most memory, but is easiest to maintain. Unfortunately all security checks (may list, may view, may edit, ...) go through the groups, which requires a page content retrieval and several more page checks. With DB or LDAP it's almost atomic.

> 3 - change the default page permissions. This is the not so well
> documented piece (as far as I can tell). Create a page named . to hold
> these default permissions. Yes, named "." - this cannot be done directly
> from normal web interface. (Note that these permissions may be over-ridden
> at the individual page level.)

/wiki/.?action=edit is forbidden?
Oops, that's a bug, introduced lately. It should only be forbidden on DATABASE_TYPE = file.

This page should definitely go into the phpwiki docs immediately, without any further discussion here. Better fix it in the wiki. Good work!

It should link to our existing WikiSpam page, which misses some latest development (link restriction, SpamAssassinIntegration). I don't know if we should announce our existing anti-spam methods in a wikipage though.

--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/