Revision [6891]
This is an old revision of SecurityInfo made by TryMe on 2005-03-25 14:48:57.
Security in Wikka
Security in Wikka is on a page by page basis. The concept of a Wiki is that content can be posted easily and freely by anyone, so security is not at the core of Wikka. To learn more about controlling access to individual pages see ACLInfo.
There are two main considerations under Security:
- User Registration
- File Upload Security
User Registration
Restricting user registration can help by ensuring anyone can't register and then upload anything to your server. For more information see the (again, uncategorised) links below:
- AutomaticUserPageCreation (related but not hugely!)
- UserSettingsAndPasswords (again, related but not hugely!)
File Upload Security
A key security risk in Wikka is the file upload facility, if your Wiki can be accessed on the web. In this situation, there are a few options open to you:
- Files only uploaded by admins (default)
- Control access to the whole board by using .htaccess / .htpasswd
- Use some of the hacks / plugins available
- Control User Registration
Files only uploaded by admins (default)
As standard, files can only be uploaded by site admins. How you change a user to an admin I don't know (sorry) but you should be able to find out somewhere. If you do, please post it here!
Control access to the whole board by using .htaccess / .htpasswd
If you're doing this, be sure to copy the settings from the existing .htaccess file that is installed as standard with Wikka or you might find that the whole thing stops working (as I did, DOH!).
Use some of the hacks / plugins available
Please note, I haven't had a chance to search through these, so they're just all linked on here:
- FilesHandlerInfo - documentation for the above
Control User Registration
See the section above