> We have had great experience with Swiki and have been using it for at > least a year now.
Good to hear. > We are now getting requests from other departments for a wiki and are > thinking about moving this to a more robust server from our lowly mac > box. I recommend a linux box. > Have there been any security issues with Swiki? Are there any known > issues to be aware of? Is there the possibility of someone compromising > the Squeak virtual machine and gaining access (root or otherwise) to the > file system? Realistically, it is easy to do DOS attack on Swiki. Also, unless you block uploading without a password, it is easy for strangers to use your site as an anonymous FTP site. I'm sure there are other security problems. In particular, if the intruder manages to get the administrator login, they have full access to the file system (to the extent that the process running the server has power). On the other side, Swiki is not nearly as popular as Apache and IIS, so your basic script kiddies won't attack it effectively. We have yet to have a swiki server hacked at Georgia Tech. This is our primary setup: Linux box running a recent RH linux. We run Swiki on port 8080 as a user. We map port 8080 to port 80 using iptables (this command needs to be done by root) We block uploads to all but certain IP addresses (GT campus) and to those with a valid login. A backup of every server happens daily. I think such a set up should work for your situation. We haven't had people hack Swiki, but we have had bad hard drives and unwanted uploads. Peace and Luck! Je77
