[pmwiki-users] PmWiki at sourceforge, can it be secured?
Olle
ollebe at student.chalmers.se
Sat Mar 7 16:32:01 CST 2009
On Saturday 07 March 2009 23.13.57 Christian Ridderström wrote:
> Hi,
>
> For the benefit of the LyX project, I and Bo are looking at using
> sourceforge to run the LyX wiki (well, actually the web site).
>
> At sourceforge, we have to store the wiki pages under a 'persistent'
> directory. Now, while setting up a test site, I checked and noticed the
> following unfortunate behaviour.
>
> * It's possible for one project, 'A', to run a PHP-script that can
> write to the persistent directory of project 'B'.
>
> Ooops.
>
Omg. I'm surprised, SourceForge should know better.
;-(
I suggest that you report this to someone at SF.net ASAP.
> Does anyone know of a workaround for this?
>
I don't.
> Is using MySql for storing the pages the a solution? Will that be safe?
>
Probably not, as you would have to store the MySQL password somewhere. If you
stored the password in a PHP script or a .htaccess, the other project could
probably read it through a script and save it in that project.
> /Christian
/Olle Bergkvist
More information about the pmwiki-users
mailing list