Swiki locked
danielv at netvision.net.il
danielv at netvision.net.il
Fri Jul 19 22:22:47 UTC 2002
It may be a good idea to just lock the whole site for a couple of weeks
or a month. It seems unlikely anyone will be motivated to keep trying to
trash it when it doesn't work for that long.
Daniel
Lex Spoon <lex at cc.gatech.edu> wrote:
>
> > WTH, we need some kind of internal, easy to implement in ComSwiki,
>
> > authentification system.
>
> >
>
> This is a can of worms, as the ensuing discussion has shown.
>
> There *is*
> no scheme that will keep the system convenient to use. The
> last thing
> we need is for *fewer* people to be editting the system.
> And to add to
> that, it is realy ugly to get into discussions about who
> has permission
> to do what. Wikis are note-taking areas that should
> have a fairly
> conversational feel. Let's not mire it in bureaucracy.
>
>
>
> Instead of putting uber security into it, the thread about using
> Scamper
> points in an interesting direction. In general, we could have
> a wiki
> that is accessed with Squeak. A sort of "Super Swiki" if you
> will. :)
> That would cut back -- though not stop -- attackers.
>
>
>
>
> That said, let me suggest something about securing things. Ultimately,
> Squeak is going to be so wild popular that black hats will all be aware
>
> of wikis and the possibility of using them to transfer files. A simple
>
> way to reduce this problem is to have some mechanism to keep track of
>
> who is making updates; then, we can remove access for users who do bad
>
> things. Further, there would have to be some sort of restriction on
>
> getting a valid userid to begin with -- for example, you'd have to be
>
> added by an existing person with privilage. The main technological
>
> piece missing here is to use something like Jabber to keep track of the
>
> userid's and passwords.
>
>
>
> But let's not go there until we absolutely have to. Blocking domains,
> etc, should get us along fine for a while. Especially now that there
>
> are things like Gnutella, hacking out some space on a web site just
> doesn't seem all that useful.
>
>
>
>
> -Lex
>
>
>
>
> PS - the main issue with using Scamper for swikis is that currently the
>
> swikis are using some fancy HTTP stuff that Squeak screws up with.
> Otherwise, I don't see why it matters how good Scamper is at visiting
>
> complicated web sites -- we were only talking about using it for
>
> *swikis*.
More information about the Squeak-dev
mailing list
|