phpwiki-talk

[Phpwiki-talk] phpWiki and postnuke at Daimonin

[Michael T. <mic...@da...>]

Hello

We are the daimonin mmorpg project:
http://www.daimonin.net

We use phpWiki as our main documentation & information
central of our postnuke site. I have to say that we are
very happy with that solution and its a great success. 
Thank you guys!

The only negative point is, that we can't use the original
phpWiki but a modified version which used the postnuke
user permission interface.

When you look at the site and you understand what we do you will
see how incredible useful the permission system is. We give access
to several parts of the website include site sub-admins, gallery 
album owners, file system upload permission, forum permission,
forum moderator permission and at last write access to the wiki.

Thats only (and really only, our old website had it not, so we
know where we talk about) possible with one central permission and
group system which gave us the Postnuke CMS.

As a game (with much underage users), we need a stable & secure 
permission system. A free wiki access is no option. In the old website
we had deleting and vandalism of pages every few hours.

With the new webpage, we had not a single issue.

When you look at the phpWiki of our site, you will notice how good it 
fits in the CMS and how useful it is.

What i fear is, that someone find a exploit in the hacked phpWiki.
Its not active in development anymore and it has still issues.

Has the phpWiki community ever thought about to add a native postnuke
interface? Postnuke lakes a native wiki. It has a very easy to use
interface which allows it to bind in modules. Also, the changes would
be normally not so hard - just a redirect to the postnuke permission
system. Nearly all other parts from phpWiki fits in fine.

It would be a win/win solution for both projects. Postnuke would get
a stable, tested & working wiki. phpWiki would get a incredible boost
in users and, i can ensure it as a open source project leader for years now,
alot more developer.

Both project would gain ALOT for a little work.

They would stay independed as projects but would gain
through the Synergy effect of the interface both a big
boost. 

Michael Toennies
Daimonin MMORPG

RE: [Phpwiki-talk] phpWiki and postnuke at Daimonin

[Charles C. <ch...@ru...>]

Hi,

Have looked at the latest PhpWiki security framework? In my opinion, it is quite complete. While I would not consider myself an
expert on the code, I did some testing and patching in the past 4 months with an emphasis on security and wrote doc/README.security
to capture what I learned.

There are several layers to PhpWiki's security framework and implementations.

The first is the identification and authentication. This can be provided by several different mechanisms, including (but not limited
to): database, ldap or wikipage.

The next layer is group membership. Some are builtin groups and the other group memberships can be provided by at least two
different mechanisms (database and wikipages). A user may be a member of multiple groups.

The final layer is page permissions. Each group may have varying permissions to a page.  The page group permissions are attached to
pages in a hierarchical manner - if there is no relevant permission defined for a page, its parent is checked.

If the PostNuke security structure is roughly analogous to this, it should be easy to extend PhpWiki to use PostNuke's
identification, authentication and group memberships. However, it could be quite difficult to modify the page level permission
system.

I suggest that you first look at doc/README.security to learn about one way to secure PhpWiki (there are several alternatives) and
then look at the layers I described above to see if it is worthwhile for you to follow up further.

Regards,
Charles

-----Original Message-----
From: Michael Toennies [mailto:mic...@da...] 
Sent: 29 March 2005 21:53
To: php...@li...
Subject: [Phpwiki-talk] phpWiki and postnuke at Daimonin

Hello

We are the daimonin mmorpg project:
http://www.daimonin.net

<snip>

Has the phpWiki community ever thought about to add a native postnuke
interface? Postnuke lakes a native wiki. It has a very easy to use
interface which allows it to bind in modules. Also, the changes would
be normally not so hard - just a redirect to the postnuke permission
system. Nearly all other parts from phpWiki fits in fine.

Re: [Phpwiki-talk] phpWiki and postnuke at Daimonin

[Reini U. <ru...@x-...>]

Michael Toennies schrieb:
> We are the daimonin mmorpg project:
> http://www.daimonin.net
...
> What i fear is, that someone find a exploit in the hacked phpWiki.
> Its not active in development anymore and it has still issues.
> 
> Has the phpWiki community ever thought about to add a native postnuke
> interface? Postnuke lakes a native wiki. It has a very easy to use
> interface which allows it to bind in modules. Also, the changes would
> be normally not so hard - just a redirect to the postnuke permission
> system. Nearly all other parts from phpWiki fits in fine.

...

I started with testing phpnuke, postnuke and gforge integration about 
one and a half year ago.
For gforge I had to fix some phpwiki internal (nameclashes), postnuke 
should work fine with some minor tweaks similar to gforge, and phpnuke 
is just too dirty to get my hands upon.
The WhoisOnline plugin and graphics e.g. are directly from postnuke.

Right I'm too busy with the release and other things, but after that 
I'll happy to finish that integration.
-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban
http://phpwiki.org