On that note, does Labs use any kind of sandboxing or similar strategy to separate instances? I know with WordPress the issues is no about the spread of vulnerabilities from one server instance to another, but I wonder how Labs is secured against the latter specifically.
On Thu, May 12, 2016 at 4:10 PM, Tom Doolan <[email protected]> wrote: > I'd second this. It's also very unreliable in my experiences, so as > YuviPanda says, you'd need a sysadmin to keep it up to date and working. > > tom29739 > On 12 May 2016 8:55 p.m., "Yuvi Panda" <[email protected]> wrote: > >> On Thu, May 12, 2016 at 3:41 PM, T Paris <[email protected]> wrote: >> > If we didn't need access to any WMF databases and could even IP >> blacklist >> > the instance's IP, would that alleviate some concerns? Also, would the >> > auto-update feature help? >> >> The problem is more of serving your readers malware / accidentally >> becoming part of a botnet. The auto-update definitely helps but isn't >> enough, IMO - there's no cleanup afterwards that it does, you only >> need to be infected once for you to be compromised forever, etc. >> >> Wordpress is amazingly awesome and I reccomend it to everyone who >> wants to publish things on the web, I just want y'all to be also aware >> that it does require constant sysadmin help/lookout to keep it secure. >> >> Good luck! <3 Signpost :) >> >> -- >> Yuvi Panda T >> http://yuvi.in/blog >> >> _______________________________________________ >> Labs-l mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/labs-l >> > > _______________________________________________ > Labs-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/labs-l > >
_______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
