Swiki locked

Lex Spoon lex at cc.gatech.edu
Fri Jul 19 18:15:17 UTC 2002


> WTH, we need some kind of internal, easy to implement in ComSwiki,
> authentication system.
>

This is a can of worms, as the ensuing discussion has shown.  There *is*
no scheme that will keep the system convenient to use.  The last thing
we need is for *fewer* people to be editing the system.  And to add to
that, it is really ugly to get into discussions about who has permission
to do what.  Wikis are note-taking areas that should have a fairly
conversational feel.  Let's not mire it in bureaucracy.



Instead of putting uber security into it, the thread about using Scamper
points in an interesting direction.  In general, we could have a wiki
that is accessed with Squeak.  A sort of "Super Swiki" if you will.  :)
That would cut back -- though not stop -- attackers.


  

That said, let me suggest something about securing things.  Ultimately,
Squeak is going to be so wildly popular that black hats will all be aware
of wikis and the possibility of using them to transfer files.  A simple
way to reduce this problem is to have some mechanism to keep track of
who is making updates; then, we can remove access for users who do bad
things.  Further, there would have to be some sort of restriction on
getting a valid userid to begin with -- for example, you'd have to be
added by an existing person with privilege.  The main technological
piece missing here is to use something like Jabber to keep track of the
userids and passwords.



But let's not go there until we absolutely have to.  Blocking domains,
etc., should get us along fine for a while.  Especially now that there
are things like Gnutella, hacking out some space on a web site just
doesn't seem all that useful.




-Lex




PS - the main issue with using Scamper for swikis is that currently the
swikis are using some fancy HTTP stuff that Squeak screws up with.
Otherwise, I don't see why it matters how good Scamper is at visiting
complicated web sites -- we were only talking about using it for
*swikis*.


