On Fri, 2004-11-19 at 09:31, Derek Atkins wrote: > [EMAIL PROTECTED] (Linas Vepstas) writes: > > > My #1 concern is security; that enabling a Wiki will allow a system > > compromise. > > A fair enough concern, but that could be an issue for any piece of > software. You're already running a web server, so a wiki on top of > that is not a completely new system.
Hmm. Except when the software on top of the web server opens new vulnerabilities by evaluating it's parameters using shell tools without proper value checking... My own twiki installtion and web-hosting account was hacked last night, so this problem isn't theoretical. :( As well, wiki-spam is a fscking nightmare, I'd -- unfortunately -- recommend some sort of access control on top of the wiki. :( Or maybe a light-weight change-approval procedure. In any case, I do think we should get a nice and simple wiki, sandboxed. Obviously, Linas, it's your box and hosting call, though. If you don't want to host it, perhaps we can alias 'wiki.gnucash.org' to some cheap 3rd party service provider? ...jsled -- http://asynchronous.org/ - `a=jsled; b=asynchronous.org; echo [EMAIL PROTECTED] _______________________________________________ gnucash-devel mailing list [EMAIL PROTECTED] https://lists.gnucash.org/mailman/listinfo/gnucash-devel
