[pmwiki-users] pmwiki with hostile users?

W Randolph Franklin pmwiki at wrfranklin.org
Wed Oct 28 07:48:22 CDT 2009


Hi,

Is it safe to allow write access to pmwiki groups to users who might try 
to break it or break in?

I've enjoyed using pmwiki for several years for my home page, for 
members of my research groups and to present course material to my 
classes.  See http://wrfranklin.org/

Some students like what they see so much that they've asked to use a 
pmwiki group for their term project.  Indeed, I'd like all my students 
to post their progress reports on it.

However, some of these students might try to test the system's limits. 
Potentially hostile people with write access to single pages or entire 
groups is a stronger threat than potentially hostile people with only 
read access.

Am I opening myself or our web server to risks?

Is there a difference between giving the students access to single pages 
vs to an entire group?

I haven't enabled separate farms, and would rather not have the hassle. 
  However, is that worth it?

I'm thinking of not allowing upload access; students can link to images 
on their personal web directories.

Thanks.

/W. Randolph Franklin

P.s. my spell checker just suggested replacing 'pmwiki' with 'homework' ?!




More information about the pmwiki-users mailing list