[pmwiki-users] question about pmwiki security

Dimitrij Krepis krepis at udel.edu
Thu Apr 28 16:34:15 CDT 2005


Hi all,
we want to set up an information webpage based on pmwiki.
We are using an striped down version of pmwiki to disable all actions except browsing:
$HandleActions = array('browse' => 'HandleBrowse','diff' => 'HandleBrowse','crypt' => 'HandleBrowse','login' => 'HandleBrowse','upload' => 'HandleBrowse'); (in pmwiki.php)
We are also using the userauth script for authentication.

Are there any security faults known, which may lead to direct access to the servers filesystem through pmwiki? Is it possible to submit page changes without authentification ?
Any obvious problems existent ?

Thanks for your time.

Sincerely, Dimitrij Krepis.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20050428/80f26a9d/attachment.html 


More information about the pmwiki-users mailing list