Ryan Lane <rlane32 <at> gmail.com> writes:

> I'd like to mention that from a security perspective, I like the fact
> that by default MediaWiki does not allow WordPress style upgrades and
> code modifications. MediaWiki exploits may lead to vandalism, but
> WordPress exploits generally lead to shell or root access, and
> compromise of all of your other applications.

While this is certainly true for updates and PHP-enabled skin files, a web-based
configuration panel is actually much more secure than editing a PHP-based
settings file through FTP. There is a multitude of malware out there which can
steal FTP passwords by infecting your computer, or your router, or any nearby
computer if you use unsecured Wi-Fi access. (Sure, you could use SFTP or
something equivalent, but how many people actually do? And how many webhosts
provide it?) The most common stuff such as allowing uploads or enabling
extensions should be accessible through a GUI for both usability and security
reasons.


_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
