
The configure utility ships with an empty password (as designed). The save screen of configure recommends setting a password.

To make a site more secure I recommend adding some additional documentation to the save screen. Something like:

ALERT! Note on Security: This web-based configuration utility makes it easy to configure your TWiki from a browser. It also adds some risk because anyone who gets hold of the password can run arbitrary commands on the server by changing the grep or rcs commands. If you are running TWiki on a public website you are strongly advised to disable the save operation of the configure utility and to enable it only temporarily when needed. To disable the save operation, make twiki/lib/LocalSite.cfg read-only (use chmod etc.).

The configure utility needs to produce a human-understandable error message if LocalSite.cfg is not writable.

The TWikiInstallationGuide should be updated accordingly.
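
An added example, not part of the original report or of TWiki's code: a shell helper that applies the chmod lock suggested above and audits the result. The web-server user name and the file path are assumptions passed as arguments, and the directory check goes beyond the report's text, because a read-only file in a directory that user can write to can still be replaced.

```shell
#!/bin/sh
# Added example (not TWiki code): lock and audit configure's save target.
# Usage: sh cfglock.sh WEB_USER /path/to/twiki/lib/LocalSite.cfg
# WEB_USER (the account the web server runs as) and the path are assumptions.

# writable_by USER PATH: succeed if the mode bits let USER write to PATH.
# Group membership is not resolved: any group-write bit counts (conservative).
writable_by() {
    info=$(ls -ld -- "$2" | awk '{print substr($1, 1, 10), $3}')
    perms=${info% *}
    owner=${info#* }
    case "$perms" in
        ?????w????|????????w?) return 0 ;;              # group- or world-writable
        ??w???????) [ "$owner" = "$1" ] && return 0 ;;  # owner-writable, owned by USER
    esac
    return 1
}

# Remove every write bit: configure can no longer save LocalSite.cfg.
lock_cfg() { chmod a-w -- "$1"; }

# Give the owner write access back for a temporary maintenance window.
unlock_cfg() { chmod u+w -- "$1"; }

# audit_cfg USER FILE: report findings; 0 = locked, 1 = open, 2 = missing.
audit_cfg() {
    user=$1; cfg=$2; rc=0
    [ -f "$cfg" ] || { echo "MISSING: $cfg"; return 2; }
    if writable_by "$user" "$cfg"; then
        echo "OPEN: $cfg is writable by $user, configure can save"; rc=1
    fi
    # A read-only file can still be replaced if its directory is writable.
    if writable_by "$user" "$(dirname "$cfg")"; then
        echo "OPEN: directory of $cfg is writable by $user"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "LOCKED: $cfg"
    return "$rc"
}

# Run the audit when called with both arguments.
if [ "$#" -eq 2 ]; then audit_cfg "$1" "$2"; fi
```

The audit reads mode bits rather than testing writability directly, so it gives the same answer when run as root.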


What about making setting a password on first save mandatory?
  • I tried that, and users hated it CC

SVN 6788

How about making the yellow broadcast banner "This wiki is unsecured"?

MC

ItemTemplate
Summary Configure utility needs to be secured
ReportedBy PeterThoeny
AppliesTo Engine
Priority Urgent
CurrentState Closed
WaitingFor

Checkins 6788
Topic revision: r7 - 2005-10-06 - MartinCleaver