Run a Wiki on www.gnucash.org?

Josh Sled jsled at asynchronous.org
Fri Nov 19 09:44:26 EST 2004


On Fri, 2004-11-19 at 09:31, Derek Atkins wrote:
> linas at linas.org (Linas Vepstas) writes:
> 
> > My #1 concern is security; that enabling a Wiki will allow a system
> > compromise.  
> 
> A fair enough concern, but that could be an issue for any piece of
> software.  You're already running a web server, so a wiki on top of
> that is not a completely new system.

Hmm.  Except when the software on top of the web server opens new
vulnerabilities by evaluating its parameters using shell tools without
proper value checking...

My own twiki installation and web-hosting account was hacked last night,
so this problem isn't theoretical. :(

As well, wiki-spam is a fscking nightmare, I'd -- unfortunately --
recommend some sort of access control on top of the wiki. :(  Or maybe a
light-weight change-approval procedure.


In any case, I do think we should get a nice and simple wiki, sandboxed.

Obviously, Linas, it's your box and hosting call, though.   If you don't
want to host it, perhaps we can alias 'wiki.gnucash.org' to some cheap
3rd party service provider?

...jsled

-- 
http://asynchronous.org/ - `a=jsled; b=asynchronous.org; echo ${a}@${b}`
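
The failure mode described in the message above (a web application passing request parameters to shell tools without value checking), shown next to a hardened form. This is an added example, not part of the original message and not TWiki's code; the function names, the allowlist pattern and the sample topic files are hypothetical and constructed for illustration.

```python
import re
import shlex
import subprocess
import tempfile
from pathlib import Path

# Hypothetical allowlist for a wiki search term: word characters, spaces, dashes.
SAFE_TERM = re.compile(r"[\w \-]{1,64}")

def unsafe_command(term: str, data_dir: str) -> str:
    """'Before' pattern: the request parameter is pasted into a shell string.
    Returned for inspection only; this example never executes it."""
    return f"grep -rl {term} {data_dir}"

def shell_operators(command: str) -> list[str]:
    """Control operators a POSIX shell would find in the string."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= set(";|&<>()")]

def safe_search(term: str, data_dir: str) -> list[str]:
    """'After' pattern: validate the value, then pass it as one argv element."""
    if not SAFE_TERM.fullmatch(term):
        raise ValueError("search term rejected by allowlist")
    # No shell is involved; -F treats the term as a fixed string, -e keeps a
    # leading '-' from being read as an option, '--' ends option parsing.
    argv = ["grep", "-r", "-l", "-F", "-e", term, "--", data_dir]
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    return sorted(Path(p).name for p in result.stdout.splitlines())

def demo() -> dict:
    hostile = "budget; echo INJECTED"   # constructed, harmless sample value
    with tempfile.TemporaryDirectory() as d:   # constructed sample topics
        Path(d, "Budget.txt").write_text("quarterly budget notes\n")
        Path(d, "Todo.txt").write_text("fix the importer\n")
        try:
            safe_search(hostile, d)
            rejected = False
        except ValueError:
            rejected = True
        return {"operators": shell_operators(unsafe_command(hostile, d)),
                "rejected": rejected,
                "hits": safe_search("budget", d)}

if __name__ == "__main__":
    print(demo())
```

The string built by `unsafe_command` contains a `;` that a shell would treat as a command separator, while `safe_search` rejects the same value before any process is started.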

