[pmwiki-users] Security via PmWiki

Julius Thyssen jultus at gmail.com
Sun Apr 13 20:50:40 CDT 2008

Peter & Melodye Bowers <pbowers at pobox.com> wrote:

>  Can it be set up to use https or some other way of up'ing security?

https has nothing to do with pmwiki. Everything running behind http
can be run tunneled using TLS/SSL. This is purely webserver config,
and an issue between server and client.
Using httpS is safer, because the access password to pmwiki admin
would then not travel over the networks in the open. This issue is even
of lesser importance with wiki systems, because 'damage' is reversible.
It's much worse for webmail, webforums, webforms or CMSs, for example.

>  Are wikis inherently less secure than other types of web technology?
>  Is PmWiki in use in any environments that require significant security
>  that I could use as a recommendation for this guy?

If its any consolation:
I maintain/admin 6 separate websites based entirely on pmwiki
for almost 5 years now, some for commercial use (people providing
private data, sent through pmwiki-driven site by email) with actual
third party companies behind it (not me, I only provided a pmwiki
start for them, or hosting and/or serverspace with a pmwiki-base),
and *none* of them have ever seen their websites compromised
in ANY way!
This is of particular importance because a couple of them
are hosted at Servage, which has had some of their servers
compromised, yet none of my pmwiki sites up there have
suffered any issues because of it (other websites, based
on Worpress, phpbb, and other CMSs, on the other hand
DID suffer from those defacement and spam/phising problems).
I think it is safe to say that pmwiki's security has not
disappointed me, ever. Much of this is, I think, thanks to
the splendid and elaborate explanations on hardening
its security, which you can find all over the PMwiki website.



More information about the pmwiki-users mailing list