diff options
| author | www-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-04-25 03:33:17 +0000 |
|---|---|---|
| committer | www-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-04-25 03:33:17 +0000 |
| commit | 903db5e5d5c476228b9ceed18757e93846d58766 (patch) | |
| tree | c4aea115d52006aa426517208848c122611d5daa /doc/security.mdwn | |
| parent | dc558930f28bbef69c49e4b4c5237e0dea4bd38c (diff) | |
| download | ikiwiki-903db5e5d5c476228b9ceed18757e93846d58766.tar ikiwiki-903db5e5d5c476228b9ceed18757e93846d58766.tar.gz | |
web commit by joey
Diffstat (limited to 'doc/security.mdwn')
| -rw-r--r-- | doc/security.mdwn | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn index 3c85f57de..e514223e3 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -6,6 +6,8 @@ security issues with this program than with cat(1). If, however, you let others edit pages in your wiki, then some possible security issues do need to be kept in mind. +---- + # Probable holes ## XSS holes in CGI output @@ -39,7 +41,7 @@ ikiwiki escapes any html in svn commit logs to prevent other mischief. # Potential gotchas -Things not to do. +_(Things not to do.)_ ## multiple accessors of wiki directory @@ -72,7 +74,7 @@ they can try to use this to exploit your web server. # Hopefully non-holes -(AKA, the assumptions that will be the root of most security holes...) +_(AKA, the assumptions that will be the root of most security holes...)_ ## exploting ikiwiki with bad content @@ -128,6 +130,8 @@ Login to the wiki involves sending a password in cleartext over the net. Cracking the password only allows editing the wiki as that user though. If you care, you can use https, I suppose. +---- + # Fixed holes _(Unless otherwise noted, these were discovered and immediatey fixed by the |