From: Stan B. <sb...@po...> - 2005-03-30 22:42:05

Hi,

I have tried to configure PhpWiki in secure mode: everyone can view, only authorized users can edit. That simple. But I've never succeeded. My last try is here http://www.berka.name/phpwiki in case you want to try it out. Try to sign-in. It's ver. 1.3.10.

Could anyone provide information leading to a working configuration like this? I mean: which phpwiki version, provide a config file and any other info that matters? This installation is on Linux/Apache/mysql.

I'd really appreciate your help. I'm using phpwiki in our office all the time; it's wonderful, but here I need a secure mode and...

I'm attaching below the config.ini from berka.name; lines commented out are removed.

--
Best regards,
Stan Berka
Senior Programmer Analyst
Pope & Talbot, Inc.
Portland, OR
503 552-4315

--- config.ini
DEBUG = 1
ENABLE_USER_NEW = true
WIKI_NAME = BerkaWiki
ENABLE_REVERSE_DNS = true
ADMIN_USER = admin
ADMIN_PASSWD = <snip>
ENCRYPTED_PASSWD = true
ZIPDUMP_AUTH = false
ENABLE_RAW_HTML = false;
STRICT_MAILABLE_PAGEDUMPS = false
HTML_DUMP_SUFFIX = .html
MAX_UPLOAD_SIZE = 16777216
MINOR_EDIT_TIMEOUT = 604800
CACHE_CONTROL = LOOSE
CACHE_CONTROL_MAX_AGE = 600
DATABASE_TYPE = SQL
DATABASE_DSN = "mysql://berka8f_admin:<snip>@localhost/berka8f_phpwiki"
DATABASE_SESSION_TABLE = session
DATABASE_DIRECTORY = /tmp
DATABASE_DBA_HANDLER = gdbm
DATABASE_TIMEOUT = 20
MAJOR_MAX_AGE = 32
MAJOR_KEEP = 8
MINOR_MAX_AGE = 7
MINOR_KEEP = 4
AUTHOR_MAX_AGE = 365
AUTHOR_KEEP = 8
AUTHOR_MIN_AGE = 7
AUTHOR_MAX_KEEP = 20
ALLOW_ANON_USER = true
ALLOW_ANON_EDIT = false
ALLOW_BOGO_LOGIN = false
ALLOW_USER_PASSWORDS = true
USER_AUTH_ORDER = "Db"
PASSWORD_LENGTH_MINIMUM = 6
USER_AUTH_POLICY = first-only
LDAP_AUTH_HOST = "ldap://localhost:389"
LDAP_BASE_DN = "ou=Users,o=Development,dc=mycompany.com"
GROUP_METHOD = WIKIPAGE
DBAUTH_AUTH_DSN = "mysql://berka8f_admin:<snip>@localhost/berka8f_phpwiki"
DBAUTH_AUTH_USER_EXISTS = "SELECT userid FROM user WHERE userid='$userid'"
DBAUTH_AUTH_CHECK = "SELECT IF(passwd=PASSWORD('$password'),1,0) FROM user WHERE userid='$userid'"
DBAUTH_AUTH_CRYPT_METHOD = plain
DBAUTH_AUTH_UPDATE = "UPDATE user SET passwd=PASSWORD('$password') WHERE userid='$userid'"
DBAUTH_AUTH_CREATE = "INSERT INTO user SET passwd=PASSWORD('$password'),userid='$userid'"
DBAUTH_PREF_SELECT = SELECT prefs FROM pref WHERE userid='$userid'
DBAUTH_PREF_UPDATE = "REPLACE INTO pref SET prefs='$pref_blob',userid='$userid'"
EDITING_POLICY = EditingPolicy
THEME = Sidebar
CHARSET = iso-8859-1
DEFAULT_LANGUAGE = en
WIKI_PGSRC = pgsrc
DEFAULT_WIKI_PGSRC = pgsrc
DEFAULT_WIKI_PAGES = "ReleaseNotes:SteveWainstead:TestPage"
ALLOWED_PROTOCOLS = "http|https|mailto|ftp|news|nntp|ssh|gopher"
INLINE_IMAGES = "png|jpg|gif"
WIKI_NAME_REGEXP = "(?<![[:alnum:]])(?:[[:upper:]][[:lower:]]+){2,}(?![[:alnum:]])"
SUBPAGE_SEPARATOR = /
INTERWIKI_MAP_FILE = lib/interwiki.map
WARN_NONPUBLIC_INTERWIKIMAP = false
KEYWORDS = "Category:Topic"
COPYRIGHTPAGE_TITLE = GNU General Public License
COPYRIGHTPAGE_URL = http://www.gnu.org/copyleft/gpl.html#SEC1
AUTHORPAGE_TITLE = The PhpWiki Programming Team
AUTHORPAGE_URL = http://phpwiki.sourceforge.net/phpwiki/ThePhpWikiProgrammingTeam
TOC_FULL_SYNTAX = true
--- end

From: Charles C. <ch...@ru...> - 2005-03-31 13:10:48

There have been a lot of fixes post 1.3.10 in this area. I suggest that you get 1.3.11-rc and try that. I wrote doc/README.security describing my mechanism to get exactly the configuration that you require.

It's funny all of my recent posts mention this document :-)

Regards,
Charles

-----Original Message-----
From: Stan Berka [mailto:sb...@po...]
Sent: 31 March 2005 06:42
To: php...@li...
Subject: [Phpwiki-talk] secure phpwiki: request for example

Hi,

I have tried to configure PhpWiki in secure mode: everyone can view, only authorized users can edit. That simple. But I've never succeeded. My last try is here http://www.berka.name/phpwiki in case you want to try it out. Try to sign-in. It's ver. 1.3.10.

Could anyone provide information leading to a working configuration like this? I mean: which phpwiki version, provide a config file and any other info that matters? This installation is on Linux/Apache/mysql.

I'd really appreciate your help. I'm using phpwiki in our office all the time; it's wonderful, but here I need a secure mode and...

I'm attaching below the config.ini from berka.name; lines commented out are removed.

From: Philip J. H. <ph...@po...> - 2005-03-31 14:12:12

I guess what we're seeing is that spammers are finally really starting to hit wikis. Maybe the crackdown on blog comment spam is forcing them to move?

The difficult part of this is that the wiki philosophy is all about the freedom for anyone to edit. That has always freaked a lot of people out. Unfortunately, they now have a good reason to be scared: spammers will mess with all your pages!

Thus, I really think that spam blocking / detection / limiting is THE big issue for wikis now. We're at a critical point: mainstream users are starting to wake up to the wiki philosophy. I just helped my non-technical friend set up a wiki for his work (www.dbrig.com). Wil Wheaton just two days ago wondered on his blog if he should set up a wiki. Now is the time for wikis - assuming the spam doesn't drown us all.

I really, really want to open my website www.hollenback.net back up for anyone to edit. Thus it seems like blacklists and captchas are the way to go. I don't want to force people to log in - that drives away the majority of potential contributors right away. However, a unified login mechanism such as Typekey might not be so bad.

As an aside, some people say the majority of wiki spam is coming from China (see www.chongqed.com). However, I see that the spam on wiki (until I locked it down) was coming from Russia. What are other people seeing?

P.

ps - in regards to my website, I am hoping that the SpamAssassin plugin will be effective. Thus I wait for an actual 1.3.11 release. I sure hope that comes out soon!

On Thu, 31 Mar 2005 21:13:00 +0800, "Charles Corrigan" <ch...@ru...> said:
> There have been a lot of fixes post 1.3.10 in this area. I suggest
> that you get 1.3.11-rc and try that. I wrote doc/README.security
> describing my mechanism to get exactly the configuration that you
> require.
>
> It's funny all of my recent posts mention this document :-)
>
> Regards, Charles
>
>
> -----Original Message----- From: Stan Berka [mailto:sb...@po...]
> Sent: 31 March 2005 06:42 To: php...@li...
> Subject: [Phpwiki-talk] secure phpwiki: request for example
>
> Hi, I have tried to configure PhpWiki in secure mode: everyone can
> view, only authorized users can edit. That simple. But I've never
> succeeded. My last try is here http://www.berka.name/phpwiki in case
> you want to try it out. Try to sign-in. It's ver. 1.3.10.
>
> Could anyone provide information leading to a working configuration
> like this? I mean: which phpwiki version, provide a config file and
> any other info that matters? This installation is on
> Linux/Apache/mysql.
>
> I'd really appreciate your help. I'm using phpwiki in our office all
> the time; it's wonderful, but here I need a secure mode and...
>
> I'm attaching below the config.ini from berka.name; lines commented
> out are removed.
--
Philip J. Hollenback
ph...@po...
www.hollenback.net

From: Philip J. H. <ph...@po...> - 2005-03-31 14:32:22

One more thing I just thought of: is there a way to always retrieve the IP address of the person who edited a page? When an anonymous user edits a page, you see the IP address in RecentChanges. However, if the edit is done by a BogoUser, then you see the username. My last big spammer used a BogoUser, so the IP address wasn't immediately apparent.

It would be nice if the RecentChanges looked like this:

WikiPage - edited by WikiUser - from 192.168.1.2

for example. I realize you can retrieve the IP address from the web server logs, but that is cumbersome.

P.

On Thu, 31 Mar 2005 09:12:06 -0500, "Philip J. Hollenback" <ph...@po...> said:
> I guess what we're seeing is that spammers are finally really starting
> to hit wikis. Maybe the crackdown on blog comment spam is forcing them
> to move?
>
> The difficult part of this is that the wiki philosophy is all about the
> freedom for anyone to edit. That has always freaked a lot of people
> out. Unfortunately, they now have a good reason to be scared: spammers
> will mess with all your pages!
>
> Thus, I really think that spam blocking / detection / limiting is THE
> big issue for wikis now. We're at a critical point: mainstream users
> are starting to wake up to the wiki philosophy. I just helped my
> non-technical friend set up a wiki for his work (www.dbrig.com). Wil
> Wheaton just two days ago wondered on his blog if he should set up a
> wiki. Now is the time for wikis - assuming the spam doesn't drown us
> all.
>
> I really, really want to open my website www.hollenback.net back up for
> anyone to edit. Thus it seems like blacklists and captchas are the way
> to go. I don't want to force people to log in - that drives away the
> majority of potential contributors right away. However, a unified login
> mechanism such as Typekey might not be so bad.
>
> As an aside, some people say the majority of wiki spam is coming from
> China (see www.chongqed.com). However, I see that the spam on wiki
> (until I locked it down) was coming from Russia. What are other people
> seeing?
--
Philip J. Hollenback
ph...@po...
www.hollenback.net

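Added example (not part of the original post, and not PhpWiki code): a short script for the web-server-log lookup mentioned in the message above, listing which IP addresses sent a successful POST for a page around the time RecentChanges shows the edit. The Apache combined log format, the /phpwiki/index.php/ URL prefix, the assumption that page saves arrive as POST requests, and the function names are assumptions; the log lines are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote, urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation-range addresses, not from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [31/Mar/2005:09:01:12 -0500] "GET /phpwiki/index.php/HomePage HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [31/Mar/2005:09:03:40 -0500] "POST /phpwiki/index.php/HomePage HTTP/1.1" 302 310 "-" "Mozilla/4.0"
203.0.113.5 - - [31/Mar/2005:09:04:02 -0500] "POST /phpwiki/index.php/Sand%20Box HTTP/1.1" 302 298 "-" "Mozilla/5.0"
198.51.100.7 - - [31/Mar/2005:11:30:00 -0500] "POST /phpwiki/index.php/HomePage HTTP/1.1" 403 120 "-" "Mozilla/4.0"
this line is malformed and must be skipped
"""


def wiki_posts(log_text, prefix="/phpwiki/index.php/"):
    """Yield (time, ip, page, status) for every POST under the wiki prefix.

    The prefix is an assumed install path; adjust it to the real one.
    """
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip malformed lines and page views
        path = urlsplit(m["url"]).path  # drop any ?query part
        if not path.startswith(prefix):
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield when, m["ip"], unquote(path[len(prefix):]), int(m["status"])


def who_edited(log_text, page, edit_time, window_minutes=5):
    """Return the IPs whose successful POST to `page` is within the window of edit_time."""
    window = timedelta(minutes=window_minutes)
    return sorted({
        ip for when, ip, p, status in wiki_posts(log_text)
        if p == page and status < 400 and abs(when - edit_time) <= window
    })
```

Behind a proxy or load balancer the logged address is the proxy's, so the result is only as good as the client address the web server records.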