30 Jun
2011
30 Jun
'11
12:09 p.m.
Hi Andreas,
Your site is perfect for illustrating my concerns about the "open by
default" configuration of xwiki.
I was able to register an account (I used my real email, but it could've
been a fake one), and was able to make a comment on your page here:
http://shept.org/docs/Shept/Features
Did you really intend to leave that page open for comments? I would guess
not, since you turned off comments on your WebHome page.
I find it very scary how easy it is to leave doors and windows open.
I can shut the doors I find open, but I have no way of confirming that I
have closed all the doors, especially the back doors that I do not know
about (eg whatever is in the XWiki space)
cheers
Paul
Hi Paul,
well you can make a philosophy out of what information should be allowed
and restricted ...
As for shept.org as an open source project I'm pretty fine with the
current setup.
I get regular notifications about what's beeing changed and should there
be some offending stuff there's always the option to delete it.
I'm running other XWiki sites with more restricted rights.
My approach for getting more confidence about security settings was
studying the server logs and understanding what the robots find out.
Of course you can also do the same before going public with some
site-copy tool ...
ciao
Andreas
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users