Revision [6891]

This is an old revision of SecurityInfo made by TryMe on 2005-03-25 14:48:57.

 

Security in Wikka


Security in Wikka is on a page by page basis. The concept of a Wiki is that content can be posted easily and freely by anyone, so security is not at the core of Wikka. To learn more about controlling access to individual pages see ACLInfo.

There are two main considerations under Security:

User Registration


Restricting user registration can help by ensuring anyone can't register and then upload anything to your server. For more information see the (again, uncategorised) links below:

File Upload Security


A key security risk in Wikka is the file upload facility, if your Wiki can be accessed on the web. In this situation, there are a few options open to you:

Files only uploaded by admins (default)


As standard, files can only be uploaded by site admins. How you change a user to an admin I don't know (sorry) but you should be able to find out somewhere. If you do, please post it here!

Control access to the whole board by using .htaccess / .htpasswd


If you're doing this, be sure to copy the settings from the existing .htaccess file that is installed as standard with Wikka or you might find that the whole thing stops working (as I did, DOH!).

Use some of the hacks / plugins available


Please note, I haven't had a chance to search through these, so they're just all linked on here:

Control User Registration


See the section above
There are 9 comments on this page. [Show comments]
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki