Most people just use a git repo for version controlling their LocalSettings.php.

If you really really want to do this onwiki approach, try verifying the file with `php -l` before saving.

--
brian

On Saturday, July 1, 2017, Jean Valjean <[email protected]> wrote:

> Yeah, that's already happened a few times (typo taking the site down). What
> I did on another wiki farm was have one wiki in charge of the other wiki's
> config files, so that if you messed up LocalSettings.php, it wouldn't take
> down the wiki that was modifying it.
>
> My goal was to have some sort of version control system in place so that as
> different people are changing the files, we know who did what when, and can
> revert easily to a previous version.
>
> On Sat, Jul 1, 2017 at 7:04 PM, Brian Wolff <[email protected]> wrote:
>
>> Even ignoring the security issues, if one of your users makes a typo, they
>> take down the site and they cannot revert because the site is then down.
>>
>> From a security perspective, this is equivalent to giving your users shell
>> access to your server. They can run any arbitrary program, do anything,
>> insert backdoors, etc. Additionally this setup requires the web user to
>> have write access to php enabled web directories which is also bad
>> practise.
>>
>> --
>> bawolff
>>
>> On Saturday, July 1, 2017, Legoktm <[email protected]> wrote:
>> > On 07/01/2017 03:16 PM, Jean Valjean wrote:
>> >> I want to let some of my administrators (in the wizards group) edit
>> >> LocalSettings.php, so I used this snippet, which allows them to make
>> >> changes by editing the Project:Shared_config.php page. Then I protected the
>> >> page so that only wizards can edit it. Do you think this presents any
>> >> security issues?
>> >
>> > Yes, it presents a huge security issue. Anyone who can modify your
>> > LocalSettings.php can execute arbitrary PHP code. They could see any
>> > private data in your database, easily get passwords, or even potentially
>> > give themselves server access.
>> >
>> > I would highly recommend NOT doing this.
>> >
>> > -- Legoktm

_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
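
The two suggestions in this thread combined (a git repo for LocalSettings.php and a `php -l` check before saving), as an added example that is not code from anyone in the thread. The function name `deploy_settings` and the `PHP_BIN` variable are assumptions of this sketch; the check catches syntax typos only and does not limit what valid PHP in the file can do.

```shell
#!/bin/sh
# Added example: gate a LocalSettings.php change on `php -l`, then record it in git.
# PHP_BIN and deploy_settings are names made up for this sketch.
PHP_BIN="${PHP_BIN:-php}"

# deploy_settings CANDIDATE TARGET "Name <email>"
# Returns 0 = installed, 1 = rejected by the syntax check, 2 = usage or I/O error.
deploy_settings() {
    candidate=$1; target=$2; author=$3
    [ -r "$candidate" ] && [ -n "$target" ] && [ -n "$author" ] || return 2
    dir=$(dirname -- "$target"); name=$(basename -- "$target")

    # Syntax check only: it stops the typo that takes the site down, but
    # valid PHP still runs with the wiki's full privileges once installed.
    if ! "$PHP_BIN" -l "$candidate" >/dev/null 2>&1; then
        echo "rejected: $candidate fails $PHP_BIN -l; $target left untouched" >&2
        return 1
    fi

    # Copy next to the target and rename over it, so PHP never reads a
    # half-written file. mktemp creates the file 0600; adjust ownership and
    # mode for your web server afterwards.
    tmp=$(mktemp "$dir/.settings.XXXXXX") || return 2
    if ! cp -- "$candidate" "$tmp" || ! mv -f -- "$tmp" "$target"; then
        rm -f -- "$tmp"
        return 2
    fi

    # If the directory is a git work tree, commit the change under the
    # editor's name so there is a who/what/when trail and an easy revert.
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        git -C "$dir" add -- "$name" || return 2
        if ! git -C "$dir" diff --cached --quiet -- "$name"; then
            git -C "$dir" commit -q --author="$author" \
                -m "Update $name" -- "$name" || return 2
        fi
    fi
    return 0
}
```

Run it from an account other than the web server's, so the web user never needs write access to the PHP directory.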
