Educause Security Discussion mailing list archives
Re: wiki best practices
From: Patrick P Murphy <pmurphy () NRAO EDU>
Date: Wed, 28 Jan 2009 12:13:05 -0500
On Wed, 28 Jan 2009 11:28:10 -0500, "Barros, Jacob" <jkbarros () GRACE EDU> said:
We want to develop wiki server for self help documents on a few of our systems and 'we' are not completely satisfied with what we currently have planned for security (system/software hardening, port/ip restrictions, encryption). Any bad experiences or things we should avoid / security pitfalls? Any specific tips on wiki security? Comments on dokuwiki.org/?
We have used TWiki here both internally and external-facing for some time. For the public one, we had to institute a policy where the content was read-only for newly registered users until they were manually added as a member of a specific group (and this only happens after they write to us and say why they want to collaborate with us); this was to avoid "wiki spam". For the internal one, we found a way of mapping the wiki account "WikiName" to an internal LDAP directory (Windows AD). This was not without problems, but it does work (mostly). Other random pitfalls: don't export the wiki directory via NFS or CIFS (that could be used to get around the protection of some pages/topics and attachments). If using the trick of a "known" group that I mentioned above, make sure you protect the "_default" wiki web too (you don't normally see it; it's a template of sorts). Given that the source base for TWiki has forked (FOSWiki), and that I'm not sure if the developers jumped ship or not, I'm not sure I could recommend one or the other fork at this point in time. HTH. - Pat -- Patrick P. Murphy, Ph.D. Webmaster (East), Computing Security Manager http://www.nrao.edu/~pmurphy/ http://chien-noir.com/maze.shtml "Inventions then cannot, in nature, be a subject of property." -- Thomas Jefferson, August 13, 1813
Current thread:
- wiki best practices Barros, Jacob (Jan 28)
- <Possible follow-ups>
- Re: wiki best practices Justin Dover (Jan 28)
- Re: wiki best practices Adam Nave (Jan 28)
- Re: wiki best practices Patrick P Murphy (Jan 28)