Educause Security Discussion mailing list archives

Re: wiki best practices


From: Patrick P Murphy <pmurphy () NRAO EDU>
Date: Wed, 28 Jan 2009 12:13:05 -0500

On Wed, 28 Jan 2009 11:28:10 -0500, "Barros, Jacob" <jkbarros () GRACE EDU>
   said:

> We want to develop a wiki server for self-help documents on a few of our
> systems and 'we' are not completely satisfied with what we currently
> have planned for security (system/software hardening, port/IP
> restrictions, encryption).  Any bad experiences or things we should
> avoid / security pitfalls?  Any specific tips on wiki security?
> Comments on dokuwiki.org/?

We have used TWiki here both internally and external-facing for some
time.  For the public one, we had to institute a policy where the
content was read-only for newly registered users until they were
manually added as a member of a specific group (and this only happens
after they write to us and say why they want to collaborate with us);
this was to avoid "wiki spam".  For the internal one, we found a way of
mapping the wiki account "WikiName" to an internal LDAP directory
(Windows AD).  This was not without problems, but it does work (mostly).

Other random pitfalls: don't export the wiki directory via NFS or CIFS
(that could be used to get around the protection of some pages/topics
and attachments).  If using the trick of a "known" group that I
mentioned above, make sure you protect the "_default" wiki web too (you
don't normally see it; it's a template of sorts).

Given that the source base for TWiki has forked (FOSWiki), and that I'm
not sure if the developers jumped ship or not, I'm not sure I could
recommend one or the other fork at this point in time.

HTH.

 - Pat

--
 Patrick P. Murphy, Ph.D.   Webmaster (East), Computing Security Manager
 http://www.nrao.edu/~pmurphy/          http://chien-noir.com/maze.shtml
 "Inventions then cannot, in nature, be a subject of property."
                                    -- Thomas Jefferson, August 13, 1813
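
An added example, not part of the original post: one way to audit a wiki host for the NFS/CIFS pitfall mentioned above. It goes slightly beyond the post by also flagging exports of a parent or a subdirectory of the wiki tree. The install path /srv/twiki, the host names and both sample configuration texts are constructed assumptions.

```python
import configparser
from pathlib import PurePosixPath

# Assumed wiki install path and constructed sample configs (not from the post).
WIKI_ROOT = "/srv/twiki"
SAMPLE_EXPORTS = """\
# constructed /etc/exports
/home            10.0.0.0/24(rw,sync)
/srv             *.example.edu(ro)
"/srv/twiki/pub" backup.example.edu(ro)
"""
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
[docs]
   path = /srv/twiki/data
[scratch]
   path = /tmp/scratch
"""

def overlaps(shared, wiki_root):
    """True if sharing `shared` exposes any part of `wiki_root`."""
    s, w = PurePosixPath(shared), PurePosixPath(wiki_root)
    return s == w or s in w.parents or w in s.parents

def nfs_exports(text):
    """Yield exported directories from /etc/exports-style text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # Paths containing spaces are double-quoted in exports(5).
        yield line[1:].split('"', 1)[0] if line.startswith('"') else line.split()[0]

def smb_shares(text):
    """Yield (share, path) for each smb.conf section that sets a path."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    for section in cp.sections():
        if cp.has_option(section, "path"):
            yield section, cp.get(section, "path")

def audit(exports_text, smb_text, wiki_root=WIKI_ROOT):
    """Return (source, path) for every share that overlaps the wiki tree."""
    hits = [("nfs", p) for p in nfs_exports(exports_text) if overlaps(p, wiki_root)]
    hits += [("cifs:" + s, p) for s, p in smb_shares(smb_text) if overlaps(p, wiki_root)]
    return hits

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORTS, SAMPLE_SMB_CONF))
```

On a real host, pass the contents of /etc/exports and smb.conf to `audit()` along with the actual wiki directory; any result means files under the wiki tree are reachable without going through the wiki's own access controls.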
