Swiki locked
Lex Spoon
lex at cc.gatech.edu
Fri Jul 19 18:15:17 UTC 2002
> WTH, we need some kind of internal, easy to implement in ComSwiki,
> authentication system.
>
This is a can of worms, as the ensuing discussion has shown. There *is*
no scheme that will keep the system convenient to use. The last thing
we need is for *fewer* people to be editing the system. And to add to
that, it is really ugly to get into discussions about who has permission
to do what. Wikis are note-taking areas that should have a fairly
conversational feel. Let's not mire it in bureaucracy.
Instead of putting uber security into it, the thread about using Scamper
points in an interesting direction. In general, we could have a wiki
that is accessed with Squeak. A sort of "Super Swiki" if you will. :)
That would cut back -- though not stop -- attackers.
That said, let me suggest something about securing things. Ultimately,
Squeak is going to be so wildly popular that black hats will all be aware
of wikis and the possibility of using them to transfer files. A simple
way to reduce this problem is to have some mechanism to keep track of
who is making updates; then, we can remove access for users who do bad
things. Further, there would have to be some sort of restriction on
getting a valid userid to begin with -- for example, you'd have to be
added by an existing person with privilege. The main technological
piece missing here is to use something like Jabber to keep track of the
userids and passwords.
But let's not go there until we absolutely have to. Blocking domains,
etc, should get us along fine for a while. Especially now that there
are things like Gnutella, hacking out some space on a web site just
doesn't seem all that useful.
-Lex
PS - the main issue with using Scamper for swikis is that currently the
swikis are using some fancy HTTP stuff that Squeak screws up with.
Otherwise, I don't see why it matters how good Scamper is at visiting
complicated web sites -- we were only talking about using it for
*swikis*.