Run a Wiki on www.gnucash.org?

Stuart D. Gathman stuart at bmsi.com
Fri Nov 19 11:57:57 EST 2004


On Fri, 19 Nov 2004, Josh Sled wrote:

> Hmm.  Except when the software on top of the web server opens new
> vulnerabilities by evaluating it's parameters using shell tools without
> proper value checking...

I would recommend not running a wiki based on shell tools.

How about MoinMoin?

http://sourceforge.net/projects/moin/

The wiki code is easily sandboxed to a single uid.  If using the
CGI interface with Apache, this is done via suexec.  I run the
Wiki as a standalone server with its own uid.

There is still the possibility of local exploits, of course.

Using mod_python to run moinmoin runs the wiki as the apache user - not
recommended if the same apache instance is serving Gnucash files.

Also, for best performance, moinmoin needs a real database (it uses
bsddb by default).

-- 
	      Stuart D. Gathman <stuart at bmsi.com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.



More information about the gnucash-devel mailing list