Wiki hosting at SourceForge via MySQL database + php scripts
Subject: Wiki hosting at SourceForge via MySQL database + php scripts
From: James Amundson
Date: Wed, 21 Jan 2004 20:41:48 -0600
On Fri, 2004-01-16 at 14:29, Robert Dodier wrote:
> There are two actions that need to
> be taken -- (1) request a MySQL database from SF

(Finally!) Done. We have a MySQL database.

> , and (2) install
> wiki software in the Maxima web directory. A project administrator
> needs to do (1), and any project developer can do (2). If you add
> me as a developer, I can do (2)

Please send me your SourceForge id and I will add you as a developer. I
will send you the database password privately.

> > > There are some security issues about this setup.
> > > I'd be happy to talk about that if someone is interested.
> >
> > I would, however, like to hear the security issues.
>
> There are two kinds of issues: (1) vandalism of wiki pages, and
> (2) compromising the MySQL db. For (1) it's not clear how much we
> can/want to do. A wiki is a useful way to gather input from
> many people, but then anyone can clobber some text or paste in
> nonsense. Restricting access makes it harder to vandalize, and
> also makes legitimate input harder.
>
> About (2), a feature/bug of MySQL is that the db password must
> appear in the script (Php, Perl, etc) which accesses the db.
> So there is one PhpWiki file (index.php) which does contain the
> MySQL password. Since SF is a shared system, anyone with a shell
> login could potentially try to access that file.

OK. I am familiar with both issues. It also sounds like you have a good
handle on minimizing the potential problems.

Wiki away!

--Jim
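
The second issue quoted above (a database password stored in a script on a shared host), as an added example that is not part of the original message or of PhpWiki: a Python audit that lists web scripts containing a password-like literal whose permission bits let accounts other than the owner read them. The file names, contents, extension list and matching pattern are constructed assumptions.

```python
import os, re, stat, tempfile

# Heuristic (an assumption of this example): a quoted value assigned to a
# name containing "pass", "pwd" or "dsn", as commonly seen in script configs.
SECRET_RE = re.compile(r"""(?i)\$?\w*(pass|pwd|dsn)\w*\s*=>?\s*['"][^'"]+['"]""")
SCRIPT_EXTS = {".php", ".pl", ".cgi", ".inc"}

def exposed_credential_files(webroot):
    """Return sorted (path, mode, line_no) for scripts that hold a
    password-like literal and are readable by group or other."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            mode = stat.S_IMODE(st.st_mode)
            readable_by_others = mode & (stat.S_IRGRP | stat.S_IROTH)
            if not stat.S_ISREG(st.st_mode) or not readable_by_others:
                continue
            with open(path, errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    if SECRET_RE.search(line):
                        findings.append((path, oct(mode), line_no))
                        break  # one finding per file is enough
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample tree; all credentials are placeholders."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "index.php": (0o644, "<?php\n$dsn = 'mysql://wiki:PLACEHOLDER@dbhost/wikidb';\n"),
        "private.php": (0o600, "<?php\n$db_password = 'PLACEHOLDER';\n"),
        "page.php": (0o644, "<?php echo 'hello'; ?>\n"),
    }
    for name, (mode, body) in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    return root

if __name__ == "__main__":
    for path, mode, line_no in exposed_credential_files(build_sample_webroot()):
        print(f"{mode} {path}:{line_no} credential readable beyond owner")
```

A finding does not always mean the file can be made owner-only: if the web server reads the script under a different account than the file's owner, it needs read access too.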