web commit by joey

master
www-data 2006-04-25 03:33:17 +00:00
parent dc558930f2
commit 903db5e5d5
1 changed files with 6 additions and 2 deletions

@ -6,6 +6,8 @@ security issues with this program than with cat(1). If, however, you let
others edit pages in your wiki, then some possible security issues do need
to be kept in mind.
----
# Probable holes
## XSS holes in CGI output
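Review bot: the `----` added directly after "to be kept in mind." needs a blank line above it. In Markdown a line of dashes immediately under paragraph text is a setext heading underline, so without the blank line the preceding paragraph renders as a heading and no rule is drawn. This view drops blank lines, so the placement cannot be confirmed here; the +6,8 count suggests the second added line is a blank, but check that it sits above the rule and not only below it.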
@ -39,7 +41,7 @@ ikiwiki escapes any html in svn commit logs to prevent other mischief.
# Potential gotchas
Things not to do.
_(Things not to do.)_
## multiple accessors of wiki directory
@ -72,7 +74,7 @@ they can try to use this to exploit your web server.
# Hopefully non-holes
(AKA, the assumptions that will be the root of most security holes...)
_(AKA, the assumptions that will be the root of most security holes...)_
## exploting ikiwiki with bad content
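Review bot: the heading "## exploting ikiwiki with bad content" just below the changed subtitle has a typo ("exploting" for "exploiting"); since this commit is a formatting pass over the same block, fix it here as well. The italic parenthetical form for the "(AKA, ...)" line matches the "_(Unless otherwise noted, ..." line under "Fixed holes", so the style itself is consistent.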
@ -128,6 +130,8 @@ Login to the wiki involves sending a password in cleartext over the net.
Cracking the password only allows editing the wiki as that user though.
If you care, you can use https, I suppose.
----
# Fixed holes
_(Unless otherwise noted, these were discovered and immediatey fixed by the
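Review bot: "immediatey" in the "_(Unless otherwise noted, ..." line under "# Fixed holes" is a typo for "immediately" and is worth fixing in the same pass that adds the `----` above that heading. Separately, the context line "If you care, you can use https, I suppose." follows a statement that the login password is sent in cleartext; a follow-up change could word that as a plain recommendation to serve the CGI over https when the wiki has logins.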