Swiki locked

danielv at netvision.net.il danielv at netvision.net.il
Fri Jul 19 22:22:47 UTC 2002 

It may be a good idea to just lock the whole site for a couple of weeks
or a month. It seems unlikely anyone will be motivated to keep trying to
trash it when it doesn't work for that long.

Daniel

Lex Spoon <lex at cc.gatech.edu> wrote:
> 
> > WTH, we need some kind of internal, easy to implement in ComSwiki, 
> 
> > authentification system. 
> 
> > 
> 
> This is a can of worms, as the ensuing discussion has shown.  
> 
> There *is*
> no scheme that will keep the system convenient to use.  The
> last thing
>  we need is for *fewer* people to be editting the system. 
> And to add to 
> that, it is realy ugly to get into discussions about who
> has permission 
> to do what.  Wikis are note-taking areas that should
> have a fairly 
> conversational feel.  Let's not mire it in  bureaucracy.
> 
> 
> 
> Instead of putting uber security into it, the thread about using
> Scamper
>  points in an interesting direction.  In general, we could have
> a wiki
>  that is accessed with Squeak.  A sort of "Super Swiki" if you
> will.  :) 
>  That would cut back -- though not stop -- attackers.
> 
> 
>   
> 
> That said, let me suggest something about securing things.  Ultimately,
> Squeak is going to be so wild popular that black hats will all be aware
> 
> of wikis and the possibility of using them to transfer files.  A simple
> 
> way to reduce this problem is to have some mechanism to keep track of
> 
> who is making updates; then, we can remove access for users who do bad
> 
> things.  Further, there would have to be some sort of restriction on
> 
> getting a valid userid to begin with -- for example, you'd have to be
> 
> added by an existing person with privilage.  The main technological
> 
> piece missing here is to use something like Jabber to keep track of the
> 
> userid's and passwords.
> 
> 
> 
> But let's not go there until we absolutely have to.  Blocking domains,
> etc, should get us along fine for a while.  Especially now that there
> 
> are things like Gnutella, hacking out some space on a web site just
> doesn't seem all that useful.
> 
> 
> 
> 
> -Lex
> 
> 
> 
> 
> PS - the main issue with using Scamper for swikis is that currently the
> 
> swikis are using some fancy HTTP stuff that Squeak screws up with. 
> Otherwise, I don't see why it matters how good Scamper is at visiting
> 
> complicated web sites -- we were only talking about using it for
> 
> *swikis*.

More information about the Squeak-dev mailing list