Run a Wiki on www.gnucash.org?
Wiggins d Anconia
wiggins at danconia.org
Fri Nov 19 10:56:53 EST 2004
> On Fri, 2004-11-19 at 09:31, Derek Atkins wrote:
> > linas at linas.org (Linas Vepstas) writes:
> >
> > > My #1 concern is security; that enabling a Wiki will allow a system
> > > compromise.
> >
> > A fair enough concern, but that could be an issue for any piece of
> > software. You're already running a web server, so a wiki on top of
> > that is not a completely new system.
>
> Hmm. Except when the software on top of the web server opens new
> vulnerabilities by evaluating it's parameters using shell tools without
> proper value checking...
>
> My own twiki installtion and web-hosting account was hacked last night,
> so this problem isn't theoretical. :(
>
> As well, wiki-spam is a fscking nightmare, I'd -- unfortunately --
> recommend some sort of access control on top of the wiki. :( Or maybe a
> light-weight change-approval procedure.
>
>
> In any case, I do think we should get a nice and simple wiki, sandboxed.
>
> Obviously, Linas, it's your box and hosting call, though. If you don't
> want to host it, perhaps we can alias 'wiki.gnucash.org' to some cheap
> 3rd party service provider?
>
> ...jsled
>
Would the worries be mitigated if it is installed into a chroot jail?
Obviously not the wiki-spam (which I hadn't heard of before, yuck), but
that should certainly prevent code changing, and other security risks.
Many hosting providers don't use this feature even though it is pretty
obvious.
Just a couple of $.01,
http://danconia.org
More information about the gnucash-devel
mailing list