Swiki locked
Stephen Pair
spair at advantive.com
Fri Jul 19 18:38:20 UTC 2002
Lex,
In the same breath you say "The last thing we need is for *fewer* people
to be editting the system" and "I don't see why it matters how good
Scamper is at visiting complicated web sites -- we were only talking
about using it for *swikis*".
I think these two points of view are mutually exclusive. If you
restrict swiki access to scamper, *fewer* people will be editing swikis.
- Stephen
> -----Original Message-----
> From: squeak-dev-admin at lists.squeakfoundation.org
> [mailto:squeak-dev-admin at lists.squeakfoundation.org] On
> Behalf Of Lex Spoon
> Sent: Friday, July 19, 2002 2:15 PM
> To: squeak-dev at lists.squeakfoundation.org
> Subject: Re: Swiki locked
>
>
>
> > WTH, we need some kind of internal, easy to implement in ComSwiki,
>
> > authentification system.
>
> >
>
> This is a can of worms, as the ensuing discussion has shown.
>
> There *is*
> no scheme that will keep the system convenient to use. The
> last thing we need is for *fewer* people to be editting the system.
> And to add to
> that, it is realy ugly to get into discussions about who
> has permission
> to do what. Wikis are note-taking areas that should
> have a fairly
> conversational feel. Let's not mire it in bureaucracy.
>
>
>
> Instead of putting uber security into it, the thread about
> using Scamper points in an interesting direction. In
> general, we could have a wiki that is accessed with Squeak.
> A sort of "Super Swiki" if you will. :)
> That would cut back -- though not stop -- attackers.
>
>
>
>
> That said, let me suggest something about securing things.
> Ultimately, Squeak is going to be so wild popular that black
> hats will all be aware
>
> of wikis and the possibility of using them to transfer files.
> A simple
>
> way to reduce this problem is to have some mechanism to keep track of
>
> who is making updates; then, we can remove access for users who do bad
>
> things. Further, there would have to be some sort of restriction on
>
> getting a valid userid to begin with -- for example, you'd have to be
>
> added by an existing person with privilage. The main technological
>
> piece missing here is to use something like Jabber to keep
> track of the
>
> userid's and passwords.
>
>
>
> But let's not go there until we absolutely have to. Blocking
> domains, etc, should get us along fine for a while.
> Especially now that there
>
> are things like Gnutella, hacking out some space on a web
> site just doesn't seem all that useful.
>
>
>
>
> -Lex
>
>
>
>
> PS - the main issue with using Scamper for swikis is that
> currently the
>
> swikis are using some fancy HTTP stuff that Squeak screws up with.
> Otherwise, I don't see why it matters how good Scamper is at visiting
>
> complicated web sites -- we were only talking about using it for
>
> *swikis*.
>
>
More information about the Squeak-dev
mailing list
|