[Pmwiki-users] Security aspects -- experience using PmWiki

chr@home.se chr
Tue Sep 14 12:24:17 CDT 2004


In general I've felt a bit unsure about how to tighten up security. I
guess this could be a general problem when it comes to using a wiki in a
work environment.

!!! Security aspects

I've split up security into the following aspects (not all of them have
been, or are, an issue):

* availability of data and activities, i.e. uptime
* authenticity of authors
* confidentiality of information and actions
* integrity of the data, i.e., correctness of pages and files


I'll discuss them in separate sections.


!!!! Availability

This has not been much of an issue. Since we are a small group I've felt
ok with directly fiddling with the settings of PmWiki -- it might not work
for small amounts of time, but that's ok in general. For better
availability some kind of support and/or encouragement to use a "test
wiki" would be nice.


!!!! Authenticity of authors

I've used '.htaccess' to control access. It's not the best solution, but
it does allow separate names and passwords. In addition, it would be
needed anyway to keep files from being downloaded.


!!!! Confidentiality

As described above, '.htaccess' was used to prevent people from getting in
to the wiki pages (and to prevent downloading of files). As a consequence,
when I did want outside people to download a file, or read a specific
page, it became difficult. More about this further down.


!!!! Integrity of data

As for data integrity, I feel pretty comfortable. Changes to pages can be
undone, and PmWiki 2.0 should allow concurrent editing. I'm really looking
forward to concurrent editing btw, especially since I use pmwiki-mode for
Emacs and might have the same wiki page opened in Emacs both at home and
at work...

and finally..

!!! Users who forget their passwords

Ok, this is not really a security issue, but is *annoying*... I don't
know -- both users who got to choose their password, and users who were
assigned a password have forgotten it. Since I'm not a systems
administrator, I don't have much tolerance for this :-(

Any ideas on how to improve this?

/Christian

-- 
Christian Ridderström, +46-8-768 39 44               http://www.md.kth.se/~chr




