[pmwiki-users] Customer queries

[Tegan Dowling]

We have a proposal out to a customer who is asking some security questions
that I don't fully understand.  Can anyone enlighten me about how to answer
these?

1)   Has the application been ethically hacked? If so by whom and can we
> have a copy of the report?
> 2)   Can the application support SSL?
> 3)   Does the application have an API? What security is provided through
> this?



(or anyway, suggest a reply other than "I'm too blasted ignorant to be your
provider?")

Regarding question #2, I'm pretty sure that the answer is "PmWiki can if the
host-server can", correct? Searching the mail-list history, I found a post
that mentions using SSL and https, from which I infer that we'd need to ask
our host to do something like "setup apache2 to *only* use the
SSLconnection (so it doesn't respond to http but only https on port
443)".
(That's not a PmWiki setting, right?)  Is it phrased correctly, to use as a
request?

I do get the part about setting $ScriptUrl and $PubDirUrl to start with
https once the server is configured so.

Is the answer to #1 no?
Is the answer to #3 no?

Thanks for any guidance!

Tegan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20060405/be6a009f/attachment.html