Swiki locked
John Hinsley
johnhinsley at blueyonder.co.uk
Tue Jul 16 19:25:05 UTC 2002
On Tuesday 16 Jul 2002 6:50 pm, Michael Rueger wrote:
> John Hinsley wrote:
> > Has Mark received any response yet? If the domain isn't responding, I'd
> > be inclined to call in the Fibies (is it federal?) and block them anyway.
> > The
>
//snip//
>
> I'm all for setting a simple password, these attacks will not go away
> and we can consider ourselves lucky that these aren't real attacks (yet).
Can I suggest something a little different?
As an interim measure we block that domain (that is, someone at Gatech asks
the roots to block it). This should stop Snoodman for the time being and may
irritate the domain into doing something.
Long term, we look at better controls for the Swiki. I'd suggest that only the
administrator and the original author be allowed to lock pages.
Reasons? Issuing passwords leaves open the possibility that someone may get
hold of one. Unless we have a secure means of distributing them we only grant
ourselves the illusion of security.
Graffitti is an annoying, but easy enough to correct issue. If a Snood creates
a page, admin can zap it. If a Snood alters someone else's page, we can do a
rollback.
Cheers
John
More information about the Squeak-dev
mailing list
|