[pmwiki-users] Wiki farm security

Hans design at flutesong.net
Wed Apr 20 08:14:41 CDT 2005


Wednesday, April 20, 2005, 1:37:49 PM, Patrick wrote:
> The way I like to do it is to put the farm installation completely
> outside the web tree, create a symlink or webserver alias so that
> /farmpub points to the farm's pub/ directory, and then set

>    $FarmPubDirUrl = '/farmpub';

> in the farmconfig.php.

I don't think I can use symlinks or webserver aliases, since the site
is hosted by a third party hosting company.

> If that doesn't work for you, let me know and we'll figure something
> else out.  The only thing that fields need to have visible to the
> browser is the farm's pub/ directory.

Okay here is what I did right now:
Moved the farm's pub/ directory outside the pmwiki root directory.
Renamed it farmpub/ so I know what it is about.
Set in farmconfig.php:

    $FarmPubDirUrl = 'http://mysite.com/...../farmpub';
    
Put in farm's root directory an .htaccess file with

    Order Deny,Allow
    Deny from all

This stops all public access to the farm, to pmwiki.php and the
scripts including the cookbook directory with the cookbook scripts,
but allows access to the farmpub/ directory with the guiedit/, skins/,
css/ and images/ directories.

I hope this makes the farm secure enough.
But it complicates slightly any upgrading, as I have to move any
upgraded files from the pub/ directory tree.
Still it is worth it.

If you think this approach is good enough I will add it to the
farm documentation, as not much is said about farm security as being
different from standard security.

PS:
Re: >    $FarmPubDirUrl = '/farmpub';
It does confuse me when you write a relative path to a DirUrl
variable; I thought we need to distinguish clearly between variables
with full url and variables with relative paths?

Best,
~Hans                           
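
The layout described in this message, as an added example that is not part of the original post or of PmWiki: a small Python audit that reports which directories under a document root inherit a deny-all .htaccess. The directory name pmwiki/ for the farm root and all function names are assumptions; the check only recognises a blanket `Deny from all` (or the Apache 2.4 form `Require all denied`) and ignores any other server configuration.

```python
import os
import re
import tempfile

# Blanket deny in Apache 2.2 syntax (as in the post) or Apache 2.4 syntax.
DENY_ALL = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
                      re.IGNORECASE | re.MULTILINE)

def denies_all(htaccess_path):
    """True if the file holds a blanket deny (simplified: no <Files>/<Limit> parsing)."""
    try:
        with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
            return bool(DENY_ALL.search(fh.read()))
    except OSError:
        return False  # no .htaccess here

def audit(docroot):
    """Map each directory (relative to docroot) to 'denied' or 'served'.

    .htaccess rules apply to the directory and everything below it, so a
    directory is denied if it or any ancestor carries a blanket deny.
    """
    docroot = os.path.abspath(docroot)
    denied = {}
    for dirpath, dirnames, _files in os.walk(docroot):  # top-down: parents first
        dirnames.sort()
        inherited = denied.get(os.path.dirname(dirpath), False)
        denied[dirpath] = inherited or denies_all(os.path.join(dirpath, ".htaccess"))
    return {os.path.relpath(d, docroot): ("denied" if v else "served")
            for d, v in denied.items()}

def build_sample(root):
    """Constructed layout: farm in pmwiki/ (assumed name), pub tree moved to farmpub/."""
    for d in ("pmwiki/scripts", "pmwiki/cookbook", "farmpub/guiedit",
              "farmpub/skins", "farmpub/css", "farmpub/images"):
        os.makedirs(os.path.join(root, d))
    with open(os.path.join(root, "pmwiki", ".htaccess"), "w") as fh:
        fh.write("Order Deny,Allow\nDeny from all\n")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit(root)

if __name__ == "__main__":
    for path, state in sorted(demo().items()):
        print(f"{state:7} {path}")
```

Run against a copy of the real document root, any directory under the farm that shows as `served` after an upgrade is one the .htaccess no longer covers.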