[pmwiki-users] PmWiki at sourceforge, can it be secured?
ollebe at student.chalmers.se
Sat Mar 7 16:32:01 CST 2009
On Saturday 07 March 2009 23.13.57 Christian Ridderström wrote:
> For the benefit of the LyX project, I and Bo are looking at using
> sourceforge to run the LyX wiki (well, actually the web site).
> At sourceforge, we have to store the wiki pages under a 'persistent'
> directory. Now, while setting up a test site, I checked and noticed the
> following unfortunate behaviour.
> * It's possible for one project, 'A', to run a PHP-script that can
> write to the persistent directory of project 'B'.
Omg. I'm surprised, SourceForge should know better.
I suggest that you report this to someone at SF.net ASAP.
> Does anyone know of a workaround for this?
> Is using MySql for storing the pages the a solution? Will that be safe?
Probably not, as you would have to store the MySQL password somewhere. If you
stored the password in a PHP script or a .htaccess, the other project could
probably read it through a script and save it in that project.
More information about the pmwiki-users