oss-sec mailing list archives
Re: wiki - e-mail address obfuscation
From: Solar Designer <solar () openwall com>
Date: Tue, 19 Feb 2008 17:30:22 +0300
I wrote:
... it only obfuscates e-mail addresses it recognizes - not anything with an @-sign. So we need to be very careful about this - e-mail addresses must be entered as <user () example org> - with the angle brackets.
Of course, folks will often be entering e-mail addresses without the angle brackets, at least initially - and that's enough for the spammers because old revisions of wiki pages are available. I've fixed a few of these right in the underlying files (for the old revisions), but I'm afraid I'll give up now.
I just found another issue: it is possible to "show differences to current version" without being logged in - and, of course, original (non-obfuscated) e-mail addresses are seen in these source diffs. Unless we come up with a way to address that (e.g., somehow disable this feature for anonymous visitors), I'm afraid that we'll have to obfuscate addresses manually prior to entering them into the wiki...
With many contributors to the wiki (which is great!), I'm afraid that we won't be able to "enforce manual obfuscation" either. So I think that we need to enhance DokuWiki ourselves or request the enhancement from upstream - and do it urgently. Specifically, we need two things:
1. DokuWiki should optionally detect e-mail addresses that are not in angle brackets, and obfuscate those as well. Alternatively, it should replace all @-signs.
2. DokuWiki should optionally restrict the "show differences to current version" feature to logged in users (or even to certain groups). Alternatively, it should obfuscate e-mail addresses (or replace @-signs) even in the diffs.
Dmitry (Galaxy) - will you be able to take care of discussing this with upstream - and maybe developing, contributing, and applying a patch (to our install)? Any other volunteers?
Thanks in advance,
Alexander
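
The two enhancements requested in the message above, sketched as an added example that is not part of the original message and is not DokuWiki code: obfuscate addresses with or without angle brackets (optionally replacing every remaining @-sign), and run the same filter over diff output. The regular expression, the `[at]`/`[dot]` notation, the function names and the sample revisions are assumptions constructed for illustration.

```python
import difflib
import re

# Matches an address with or without surrounding angle brackets. Kept loose on
# purpose: over-matching costs readability, under-matching leaks an address.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def obfuscate(text, replace_all_at=False):
    """Rewrite every recognised address; optionally neutralise stray @-signs."""
    def mangle(match):
        local, domain = match.group(0).rsplit("@", 1)
        return local + " [at] " + domain.replace(".", " [dot] ")

    out = EMAIL_RE.sub(mangle, text)
    if replace_all_at:
        # Fallback for forms the pattern misses, e.g. a dotless host name.
        out = out.replace("@", "[at]")
    return out


def obfuscated_diff(old, new, replace_all_at=False):
    """Unified diff of two revisions with addresses obfuscated in every line.

    Filtering happens after diffing, so removed ('-') lines from old revisions
    are covered too. Hunk headers ('@@ ... @@') are passed through untouched,
    otherwise the replace-all fallback would corrupt them.
    """
    lines = difflib.unified_diff(old.splitlines(), new.splitlines(),
                                 "old revision", "current", lineterm="")
    return [line if line.startswith("@@") else obfuscate(line, replace_all_at)
            for line in lines]


# Constructed sample revisions: the address was first entered bare, then
# corrected to the bracketed form that the wiki recognises.
OLD_REV = "Contact: alice@example.org\nBackup: root@localhost\nSee the charter."
NEW_REV = "Contact: <alice@example.org>\nBackup: root@localhost\nSee the charter."

if __name__ == "__main__":
    for diff_line in obfuscated_diff(OLD_REV, NEW_REV, replace_all_at=True):
        print(diff_line)
```
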