[pmwiki-users] pmwiki with hostile users?
DaveG
pmwiki at solidgone.com
Wed Oct 28 09:03:59 CDT 2009
W Randolph Franklin wrote:
> However, some of these students might try to test the system's limits.
> Potentially hostile people with write access to single pages or entire
> groups is a stronger threat than potentially hostile people with only
> read access.
>
> Am I opening myself or our web server to risks?
From what you're describing, this is basically the same scenario as a
site available on the web. The students don't have direct access to the
server itself, except via PmWiki. Apart from potential spam attacks you
should not have a problem, as long as you set appropriate privs on
files/directories, and ensure .htaccess is set to not list pages, etc.
> Is there a difference between giving the students access to single pages
> vs to an entire group?
Only in terms of the number of pages they can edit.
> I haven't enabled separate farms, and would rather not have the hassle.
> However, is that worth it?
Yes. It's very easy to do, and will provide a nice logical, and physical
layer of separation between your content and theirs. At the very least
you can nuke the farm if things get out of hand, rather than hunting
down individual student created pages.
> I'm thinking of not allowing upload access; students can link to images
> on their personal web directories.
Totally agree. It's tough to monitor uploaded content -- avoid it
altogether.
~ ~ Dave
More information about the pmwiki-users
mailing list