Lex,

In the same breath you say "The last thing we need is for *fewer* people
to be editting the system" and "I don't see why it matters how good
Scamper is at visiting complicated web sites -- we were only talking
about using it for *swikis*".

I think these two points of view are mutually exclusive.  If you
restrict swiki access to scamper, *fewer* people will be editing swikis.

- Stephen

> -----Original Message-----
> From: squeak-dev-admin at lists.squeakfoundation.org 
> [mailto:squeak-dev-admin at lists.squeakfoundation.org] On 
> Behalf Of Lex Spoon
> Sent: Friday, July 19, 2002 2:15 PM
> To: squeak-dev at lists.squeakfoundation.org
> Subject: Re: Swiki locked
> 
> 
> 
> > WTH, we need some kind of internal, easy to implement in ComSwiki,
> 
> > authentification system.
> 
> > 
> 
> This is a can of worms, as the ensuing discussion has shown.  
> 
> There *is*
> no scheme that will keep the system convenient to use.  The 
> last thing  we need is for *fewer* people to be editting the system. 
> And to add to 
> that, it is realy ugly to get into discussions about who
> has permission 
> to do what.  Wikis are note-taking areas that should
> have a fairly 
> conversational feel.  Let's not mire it in  bureaucracy.
> 
> 
> 
> Instead of putting uber security into it, the thread about 
> using Scamper  points in an interesting direction.  In 
> general, we could have a wiki  that is accessed with Squeak.  
> A sort of "Super Swiki" if you will.  :) 
>  That would cut back -- though not stop -- attackers.
> 
> 
>   
> 
> That said, let me suggest something about securing things.  
> Ultimately, Squeak is going to be so wild popular that black 
> hats will all be aware
> 
> of wikis and the possibility of using them to transfer files. 
>  A simple
> 
> way to reduce this problem is to have some mechanism to keep track of
> 
> who is making updates; then, we can remove access for users who do bad
> 
> things.  Further, there would have to be some sort of restriction on
> 
> getting a valid userid to begin with -- for example, you'd have to be
> 
> added by an existing person with privilage.  The main technological
> 
> piece missing here is to use something like Jabber to keep 
> track of the
> 
> userid's and passwords.
> 
> 
> 
> But let's not go there until we absolutely have to.  Blocking 
> domains, etc, should get us along fine for a while.  
> Especially now that there
> 
> are things like Gnutella, hacking out some space on a web 
> site just doesn't seem all that useful.
> 
> 
> 
> 
> -Lex
> 
> 
> 
> 
> PS - the main issue with using Scamper for swikis is that 
> currently the
> 
> swikis are using some fancy HTTP stuff that Squeak screws up with. 
> Otherwise, I don't see why it matters how good Scamper is at visiting
> 
> complicated web sites -- we were only talking about using it for
> 
> *swikis*.
> 
>