Swiki locked

Stephen Pair spair at advantive.com
Tue Jul 16 19:41:07 UTC 2002


I wonder if this problem could ultimately be solved using some sort of
web of trust relationships?  Here's how it might work:

  - when a Swiki is created, the creator is issued a key that can be
    used to edit the Swiki
  - others that would like to edit the Swiki can only do so by
    requesting a key from someone that already has a key (initially just the
    creator, but soon, there would be many people with keys)
  - any key could be traced all the way back to the creator of the Swiki
  - any key can be revoked at any time, eliminating the possibility of
    that key being used to edit the Swiki

And, finally, since you must contact an existing editor of a Swiki in
order to get a key, an abuser would have a hard time continuing to do
their dirty deeds after they've been identified.  In fact, since they
have to make direct contact with someone else before making their first
edits, it may eliminate the problem entirely.

The only downside (aside from implementation issues) is that it might be
enough trouble that some potential legitimate editors might turn away
rather than bother with getting a key.

- Stephen


> -----Original Message-----
> From: squeak-dev-admin at lists.squeakfoundation.org 
> [mailto:squeak-dev-admin at lists.squeakfoundation.org] On 
> Behalf Of John Hinsley
> Sent: Tuesday, July 16, 2002 3:25 PM
> To: squeak-dev at lists.squeakfoundation.org
> Subject: Re: Swiki locked
> 
> 
> On Tuesday 16 Jul 2002 6:50 pm, Michael Rueger wrote:
> > John Hinsley wrote:
> > > Has Mark received any response yet? If the domain isn't responding,
> > > I'd be inclined to call in the Fibies (is it federal?) and block
> > > them anyway. The
> >
> //snip//
> >
> > I'm all for setting a simple password, these attacks will not go away
> > and we can consider ourselves lucky that these aren't real attacks
> > (yet).
> 
> Can I suggest something a little different?
> 
> As an interim measure we block that domain (that is, someone at Gatech asks
> the roots to block it). This should stop Snoodman for the time being and may
> irritate the domain into doing something.
> 
> Long term, we look at better controls for the Swiki. I'd suggest that only the
> administrator and the original author be allowed to lock pages.
> 
> Reasons? Issuing passwords leaves open the possibility that someone may get
> hold of one. Unless we have a secure means of distributing them we only grant
> ourselves the illusion of security.
> 
> Graffiti is an annoying, but easy enough to correct issue. If a Snood creates
> a page, admin can zap it. If a Snood alters someone else's page, we can do a
> rollback.
> 
> Cheers
> 
> John 
> 
> 
> 
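
The key scheme proposed at the top of this message (keys issued by existing editors, traceable to the creator, revocable) can be modelled as below. This is an added example, not code from the thread or from Swiki; `KeyRegistry`, its method names and the `cascade` option are hypothetical, and who is allowed to revoke is not modelled.

```python
# Added illustration: hypothetical model of the proposed key scheme.
import secrets

class KeyRegistry:
    """Tracks who issued each edit key so every key traces back to the creator."""

    def __init__(self, creator):
        self.issuer = {}      # key -> key that issued it (None for the creator's key)
        self.holder = {}      # key -> holder name
        self.revoked = set()
        self.creator_key = self._mint(creator, None)

    def _mint(self, holder, issuer_key):
        key = secrets.token_hex(16)   # unguessable random key
        self.issuer[key] = issuer_key
        self.holder[key] = holder
        return key

    def issue(self, issuer_key, new_holder):
        """An existing editor vouches for a new one; only usable keys may issue."""
        if not self.can_edit(issuer_key):
            raise PermissionError("issuer key is unknown or revoked")
        return self._mint(new_holder, issuer_key)

    def trace(self, key):
        """Return holder names from this key back to the Swiki creator."""
        if key not in self.issuer:
            raise KeyError("unknown key")
        chain = []
        while key is not None:
            chain.append(self.holder[key])
            key = self.issuer[key]
        return chain

    def revoke(self, key, cascade=False):
        """Revoke one key; cascade=True (assumption) also revokes keys it issued."""
        self.revoked.add(key)
        if cascade:
            for child, parent in self.issuer.items():
                if parent == key and child not in self.revoked:
                    self.revoke(child, cascade=True)

    def can_edit(self, key):
        return key in self.issuer and key not in self.revoked
```

Without `cascade`, revoking an abuser's key leaves any keys they already handed out usable, which is why the trace back through issuers matters for cleanup.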



