> On Fri, 2004-11-19 at 09:31, Derek Atkins wrote:
> > [EMAIL PROTECTED] (Linas Vepstas) writes:
> >
> > > My #1 concern is security; that enabling a Wiki will allow a system
> > > compromise.
> >
> > A fair enough concern, but that could be an issue for any piece of
> > software. You're already running a web server, so a wiki on top of
> > that is not a completely new system.
>
> Hmm. Except when the software on top of the web server opens new
> vulnerabilities by evaluating its parameters using shell tools without
> proper value checking...
>
> My own twiki installation and web-hosting account was hacked last night,
> so this problem isn't theoretical. :(
>
> As well, wiki-spam is a fscking nightmare, I'd -- unfortunately --
> recommend some sort of access control on top of the wiki. :( Or maybe a
> light-weight change-approval procedure.
>
> > In any case, I do think we should get a nice and simple wiki, sandboxed.
>
> Obviously, Linas, it's your box and hosting call, though. If you don't
> want to host it, perhaps we can alias 'wiki.gnucash.org' to some cheap
> 3rd party service provider?
>
> ...jsled
>
Would the worries be mitigated if it is installed into a chroot jail?
Obviously not the wiki-spam (which I hadn't heard of before, yuck), but
that should certainly prevent code changing, and other security risks.
Many hosting providers don't use this feature even though it is pretty
obvious.

Just a couple of $.01,

http://danconia.org
