Revision history for SecurityInfo


Revision [22815]

Last edited on 2016-05-20 07:38:42 by NilsLindenberg [Replaces old-style internal links with new pipe-split links.]
Additions:
This page can now be found on the [[Docs:SecurityInfo | Wikka Documentation Server]].
An archive of [[http://wikkawiki.org/SecurityInfo/revisions | old revisions of this page]] is still available for reference.<<
Deletions:
This page can now be found on the [[Docs:SecurityInfo Wikka Documentation Server]].
An archive of [[http://wikkawiki.org/SecurityInfo/revisions
old revisions of this page]] is still available for reference.<<


Revision [18020]

Edited on 2008-01-27 02:34:53 by NilsLindenberg [Migrated to doc server]
Additions:
<<===This page has moved===
This page can now be found on the [[Docs:SecurityInfo Wikka Documentation Server]].
Thanks for updating your bookmarks!
An archive of [[http://wikkawiki.org/SecurityInfo/revisions
old revisions of this page]] is still available for reference.<<
::c::
CategoryMigratedDocs
Deletions:
[[WikkaDocumentation Wikka Documentation]]
=====Security in Wikka=====
===General thoughts===
Wikka [[SystemRequirements requires a webserver and mysql]] to work. To have a secure wikka you have to make sure that only authorized people have access to the files in the wikka-directory and to the mysql-database in which wikka is stored.
For security tips and options refer to the manual of your webserver software.
===Password security===
Every user on a wikka has a password to protect his/her account. This password is chosen upon the account [[RegisterInfo registration]] and can be subsequently [[UserSettingsInfo modified]] by the user.
Because knowing your password can enable someone to act in your name, you should choose it carefully (this is especially true for admins, who have [[WikkaAdmin more possibilities]] than normal users)
- On wikka installs, passwords have to be at least 5 characters long. A longer password is recommended.
- Do not use only letters: use also specialchars and numbers (as of 1.1.6.0 you have to escape the $ in the password, so you have to type \$ instead. This will change in later versions)
- Do not use your (user)name, not even partly
- Do not use a word existing in a dictionary
- ...
CategoryDocumentation


Revision [11166]

Edited on 2005-09-24 19:27:17 by NilsLindenberg [escaping the $]
Additions:
- Do not use only letters: use also specialchars and numbers (as of 1.1.6.0 you have to escape the $ in the password, so you have to type \$ instead. This will change in later versions)
Deletions:
- Do not use only letters: use also specialchars and numbers


Revision [10546]

Edited on 2005-08-08 00:45:30 by YanB [typos + minor rephrasing]
Additions:
===General thoughts===
Wikka [[SystemRequirements requires a webserver and mysql]] to work. To have a secure wikka you have to make sure that only authorized people have access to the files in the wikka-directory and to the mysql-database in which wikka is stored.
===Password security===
Every user on a wikka has a password to protect his/her account. This password is chosen upon the account [[RegisterInfo registration]] and can be subsequently [[UserSettingsInfo modified]] by the user.
Because knowing your password can enable someone to act in your name, you should choose it carefully (this is especially true for admins, who have [[WikkaAdmin more possibilities]] than normal users)
- On wikka installs, passwords have to be at least 5 characters long. A longer password is recommended.
- Do not use only letters: use also specialchars and numbers
Deletions:
===Generell thoughts===
Wikka [[SystemRequirements requieres a webserver and mysq]]l to work. To have a secure wikka you have to make sure that only the people you want have access to the files in the wikka-directory and to the mysql-database in which wikka is stored.
===Password-security===
Every user on a wikka has a password to protect his account. This password is choosen on the [[RegisterInfo registration]] of the account and can be [[UserSettingsInfo changed]] by the user.
Since someone who knows your password can act in your name, you should choose it carefully (this is especially true for admins, who have [[WikkaAdmin more possibilities]] than normal users)
- Your password has to be at least 5 characters long. A longer password
- Do not only use letters but als specialchars and numbers


Revision [10545]

Edited on 2005-08-08 00:13:53 by NilsLindenberg [Generell thoughts]
Additions:
===Generell thoughts===
Wikka [[SystemRequirements requieres a webserver and mysq]]l to work. To have a secure wikka you have to make sure that only the people you want have access to the files in the wikka-directory and to the mysql-database in which wikka is stored.
For security tips and options refer to the manual of your webserver software.
===Password-security===
Deletions:
====Password-security====


Revision [10544]

Edited on 2005-08-07 23:53:03 by NilsLindenberg [pw security]
Additions:
====Password-security====
Every user on a wikka has a password to protect his account. This password is choosen on the [[RegisterInfo registration]] of the account and can be [[UserSettingsInfo changed]] by the user.
Since someone who knows your password can act in your name, you should choose it carefully (this is especially true for admins, who have [[WikkaAdmin more possibilities]] than normal users)
- Your password has to be at least 5 characters long. A longer password
- Do not only use letters but als specialchars and numbers
- Do not use your (user)name, not even partly
- Do not use a word existing in a dictionary
- ...


Revision [7043]

Edited on 2005-04-01 08:08:07 by DarTar [revert]
Additions:
[[WikkaDocumentation Wikka Documentation]]
----
----
CategoryDocumentation
Deletions:
~& TryMe, I want other users to take a look at this page before I modify it, but it contains **several errors** that we'll have to remove (considering this page is linked from the official documentation page). -- DarTar
Security in Wikka is on a page by page basis. The concept of a Wiki is that content can be posted easily and freely by anyone, so security is not at the core of Wikka.
~& Saying that //security is not at the core of Wikka// because the concept of a wiki is that anyone can post content is blatantly false.
~&//First//, ACL privileges can be modified and restricted at will by wiki admins not only on a per-page basis, but also in the system-wide configuration. Many companies use Wikka to power their intranet, restricting access to members only.
~&//Second//, the fact that you can give write access to any user on a Wikka installation has nothing to do with security issues of the wiki engine. If the wiki is open to write-access, then everyone will be able to post content in Wiki pages, nothing more and nothing less -- DarTar
To learn more about controlling access to individual pages see ACLInfo.
There are two main considerations under Security:
~-User Registration (below)
~-File Upload Security (further down)
=====User Registration=====
Restricting user registration can help by ensuring anyone can't register and then upload anything to your server.
~& By default, only wiki-admins can upload files to the server, registered users cannot. But here you probably mean "have write access" -- DarTar
For more information see the (again, uncategorised) links below:
~-RegisterInfo
~-RegisterAction
~-UserRegistration
~-AutomaticUserPageCreation (related but not hugely!)
~-UserSettingsAndPasswords (again, related but not hugely!)
=====File Upload Security=====
A key security risk in Wikka is the file upload facility, if your Wiki can be accessed on the web.
~& A //key security risk// ?? This is pure disinformation. If you know of any security issue, please post it in WikkaBugs. If you don't know any, please avoid spreading false information!-- DarTar
In this situation, there are a few options open to you:
~-Files only uploaded by admins (default)
~-Control access to the whole board by using .htaccess / .htpasswd
~-Use some of the hacks / plugins available
~-Control User Registration
====Files only uploaded by admins (default)====
As standard, files can only be uploaded by site admins. How you change a user to an admin I don't know (sorry) but you should be able to find out somewhere. If you do, please post it here!
~& Admin users are set in the [[ConfigurationOptions Wikka Configuration file]] -- DarTar
====Control access to the whole board by using .htaccess / .htpasswd====
If you're doing this, be sure to copy the settings from the existing .htaccess file that is installed as standard with Wikka or you might find that the whole thing stops working (as I did, DOH!).
====Use some of the hacks / plugins available====
Please note, I haven't had a chance to search through these, so they're just all linked on here:
~-FilesAction
~-MimeTypesFile
~-FileManagerHack
~-FilesManagementSolution
~-FilesHandler
~-FilesHandlerInfo - documentation for the above
~-Mod015fFilesAction
====Control User Registration====
See the section above


Revision [6912]

Edited on 2005-03-26 10:11:08 by DarTar [Page has to be removed/rewritten - several errors and misunderstandings]
Additions:
~& Admin users are set in the [[ConfigurationOptions Wikka Configuration file]] -- DarTar
Deletions:
~& Admin users are set in the [[ConfigurationOption Wikka Configuration file]]


Revision [6911]

Edited on 2005-03-26 10:10:10 by DarTar [Page has to be removed/rewritten - several errors and misunderstandings]
Additions:
~& TryMe, I want other users to take a look at this page before I modify it, but it contains **several errors** that we'll have to remove (considering this page is linked from the official documentation page). -- DarTar
Security in Wikka is on a page by page basis. The concept of a Wiki is that content can be posted easily and freely by anyone, so security is not at the core of Wikka.
~& Saying that //security is not at the core of Wikka// because the concept of a wiki is that anyone can post content is blatantly false.
~&//First//, ACL privileges can be modified and restricted at will by wiki admins not only on a per-page basis, but also in the system-wide configuration. Many companies use Wikka to power their intranet, restricting access to members only.
~&//Second//, the fact that you can give write access to any user on a Wikka installation has nothing to do with security issues of the wiki engine. If the wiki is open to write-access, then everyone will be able to post content in Wiki pages, nothing more and nothing less -- DarTar
To learn more about controlling access to individual pages see ACLInfo.
Restricting user registration can help by ensuring anyone can't register and then upload anything to your server.
~& By default, only wiki-admins can upload files to the server, registered users cannot. But here you probably mean "have write access" -- DarTar
For more information see the (again, uncategorised) links below:
A key security risk in Wikka is the file upload facility, if your Wiki can be accessed on the web.
~& A //key security risk// ?? This is pure disinformation. If you know of any security issue, please post it in WikkaBugs. If you don't know any, please avoid spreading false information!-- DarTar
In this situation, there are a few options open to you:
~& Admin users are set in the [[ConfigurationOption Wikka Configuration file]]
Deletions:
Security in Wikka is on a page by page basis. The concept of a Wiki is that content can be posted easily and freely by anyone, so security is not at the core of Wikka. To learn more about controlling access to individual pages see ACLInfo.
Restricting user registration can help by ensuring anyone can't register and then upload anything to your server. For more information see the (again, uncategorised) links below:
A key security risk in Wikka is the file upload facility, if your Wiki can be accessed on the web. In this situation, there are a few options open to you:


Revision [6892]

Edited on 2005-03-25 14:49:32 by TryMe [Slight amendments]
Additions:
~-User Registration (below)
~-File Upload Security (further down)
Deletions:
~-User Registration
~-File Upload Security


Revision [6891]

The oldest known version of this page was created on 2005-03-25 14:48:57 by TryMe [Slight amendments]