[pmwiki-users] Infected Cookbook Recipes?
sandy at onebit.ca
Mon Sep 22 12:17:59 CDT 2008
kirpi at kirpi.it wrote:
> While I see pmwiki site under spam attack, and after having restored a
> couple of web pages, I'm troubling myself with the following
> (dreadful) thought: is there a sort of security
> lock/code/flag/hash/signature/whatever allowing people to trust
> (somehow) the recipes the community upload/download and let run inside
> its servers?
Valid concern, although I don't know how tempting a target we are.
A Two-part Solution:
First, Maintainers and/or watchers monitor their recipe pages with
Notify. Many already do this. Yes, they'd have to password their
watchlist. (Anyone knowlegable enough to infect a recipe would know how
to edit a watchlist.)
Second, Watch for Uploads. There are some 3rd party recipes that do this
already, but I don't know how they work. It might be easiest to say that
an upload counts as changing all pages that reference it, which then
triggers Notify. If you get notified of a change you didn't make,...
This method still puts the onus on the page maintainer(s), but it
requires no more work than they already do when they volunteer to watch
and/or maintain a page. For legitimate updates, they get an email saying
something they already know (and maybe some other watchers sending them
email to double-check).
It fails when a recipe doesn't have a maintainer and/or watcher.
More information about the pmwiki-users