[pmwiki-users] Wiki Farm question

Ben Wilson dausha at gmail.com
Sat Aug 26 11:43:59 CDT 2006


On 8/26/06, Sandy <sandy at onebit.ca> wrote:
> Firstly, I love this program! My first test of farms was the basic farm
> setup in pmwiki/wikifarms. If you ignore my typos and mis-directed
> relative references, it went quite smoothly.
>
> Now for the next step:
>
> 1. Is it possible to have everything but the wiki.d (and its
> config.php) in a non-web-accessible directory? I was thinking one higher
> up the directory tree than public_html.

I have a recipe based on my own usage of farms[1]. Presently, the only
things I have in a field are index.php (which calls pmwiki.php),
.htaccess (for clean URLs) and a symlink to /pub. Once Pm implements
$SkinLibDirs, I'll be able to remove the symlink.[2] The recipe I cite
can be taken in steps. That is, you can pick what you want to remove
from the web accessible directories.

At the very least, I would recommend moving /cookbook out. I started
with that. Pm does a good job of staying abreast of the potential
security flaws in the core. We recipe authors may not be as much. So,
the weaker link is more likely to be the recipes. Therefore, moving
/cookbook would have the "biggest bang" for security improvement.

I would likewise encourage moving wiki.d and uploads out of the web
accessible path as well. My primary concern here is the wide-open
permissions of the directory. While it is unlikely that a wiki page
could be exploited, it is still an avenue for a cracker to target your
site. So, from the belt-and-suspenders school of security, I would
move out wiki.d. In the recipe I cite, I describe how I managed to do
that without having to modify the core.

In the interests of easy building of new fields, I would likewise
encourage (when possible) moving /pub out. For the past year, I've
been symlinking /pub from /pmwiki-share.[3] Some fields share the same
skins, or in the case of Pmcal, they share the same CSS. I prefer not
having to propagate a change to multiple directories. Of course,
symlinking is not allowed on some servers, and it may constitute a
security problem. So, on the aggregate, moving /pub is an
ease-of-maintenance change, rather than a security change.

> I'm thinking it would be a real pain, because any file referenced by the
> HTML output (skins, logos, other things I'm not aware of) would have to
> be moved to web-accessible areas.

This concern references /pub. When Pm incorporates $SkinLibDirs, then
you can move /pub out of the web accessible directory and use
.htaccess to point to the /pmwiki-share/pub. After I finish this
email, I will document how I (would) do this in the recipe I have
cited.

> 2. Would this improve the security enough to bother with?

With all that I've said, I think the biggest bang for security is to
protect /cookbook and/or /wiki.d and /uploads. Any other migration of
directories out of web-accessible directories is likely a larger
benefit in convenience than security. However, I am not a security
guru. But, I did stay at a Holiday Inn Express (tm) last night.

-- 
Ben Wilson
"All this worldly wisdom was once the unamiable heresy of some wise man." HDT

[1]: www.pmwiki.org/wiki/Cookbook/WikiFarmAlternative
[2]: I've cobbled the skins.php for now as an experiment, but I don't
encourage changing the internals as it'll only break on the next
upgrade.
[3]: For those who own their own web servers, that could just as easily be
/usr/share/pmwiki/pub
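As an added illustration of the layout Ben describes (this is example code, not code from the message or from the WikiFarmAlternative recipe), here is a field's local/config.php that keeps the farm core, /cookbook, wiki.d and uploads outside public_html while the field's web directory holds only index.php, .htaccess and a pub link. The account path /home/acct, the field name field1 and the recipe name are assumptions; the variables used ($WorkDir, $WikiDir, $UploadDir, $EnableDirectDownload, $FarmD) are standard PmWiki settings, and the field's index.php is assumed to contain only `include_once('/home/acct/pmwiki-share/pmwiki.php');`.

```php
<?php if (!defined('PmWiki')) exit();
// Example field configuration (added here; not from the original message).
// Assumed layout:
//   /home/acct/pmwiki-share/             farm: pmwiki.php, cookbook/, pub/  (not web-served)
//   /home/acct/wikidata/field1/wiki.d    this field's pages                 (not web-served)
//   /home/acct/wikidata/field1/uploads   this field's attachments          (not web-served)
//   /home/acct/public_html/field1/       index.php, .htaccess, pub -> ../../pmwiki-share/pub

$dataDir = '/home/acct/wikidata/field1';   // assumed path, outside public_html

// Page storage. Both settings have to change: $WorkDir alone only tells PmWiki
// where to put its working files, $WikiDir is the PageStore that reads and
// writes the pages. The directory must be writable by the web server user
// (ideally owned by it with mode 0750, rather than the world-writable 0777
// PmWiki falls back to when it has to create wiki.d itself).
$WorkDir = $dataDir . '/wiki.d';
$WikiDir = new PageStore($dataDir . '/wiki.d/{$FullName}');

// Attachments. With the directory outside the web root the web server can
// never serve (or execute) an uploaded file directly; setting
// $EnableDirectDownload to 0 makes PmWiki hand files out via
// ?action=download instead of linking to them by path.
$EnableUpload = 1;
$UploadDir = $dataDir . '/uploads';
$EnableDirectDownload = 0;

// Recipes. $FarmD is set by pmwiki.php to the directory pmwiki.php lives in,
// which in this layout is /home/acct/pmwiki-share, so /cookbook is never
// reachable by URL even though it is still reachable by include_once().
// include_once("$FarmD/cookbook/somerecipe.php");   // hypothetical recipe name
```

With this in place the only things under public_html/field1 are the one-line index.php, the .htaccess for clean URLs and the pub symlink; a quick check after setting it up is to request /field1/wiki.d/ and /field1/cookbook/ in a browser and confirm both are 404s rather than directory listings.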