Re: wiki on sf [was Re: C++ functions]
From: D. Goel
Subject: Re: wiki on sf [was Re: C++ functions]
Date: 04 Jun 2003 07:03:53 -0400
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2
> Hello,
>
> I will ask our admin if I can set up a wiki here.
>
> In the meantime, I see, in the README of usemod-wiki :
>
> ======================================================================
> Security:
>
[...]
>
> Is oddmuse more secure? Or can one (do we want to?) limit the access
> to octave-forge users?
I just asked the oddmuse author (Alex Schroeder, who I am CCing) --->
<deego> hi kensanata [06:52]
<deego> i have a Q reg. oddmuse
<deego> usemod README says:
<deego> Wiki administrators should be aware of the risks of enabling the HTML
<deego> or email options in UseModWiki. Permitting full HTML editing allows a
<deego> malicious user to cause the browsers of other users to execute
<deego> arbitrary Javascript, Java applets, or other possible sources of
<deego> security holes.
<deego> The email option could be misused to send annoying
<deego> mail to third parties (since no validation is done on the email
<deego> addresses entered into the Preferences page). These options may be
<deego> useful for small trusted groups, but they are not advised for wikis
<deego> open to the general public.
<deego> does oddmuse also allow arbitrary html? and so arbit. java and jv? [06:53]
*kensanata* well, i removed the mail stuff, so that is one problem solved. :)
*kensanata* as to the tags, by default only a very limited subset is allowed.
<deego> ah
*kensanata* (on the phone)
*kensanata* (back) [06:55]
*kensanata* i *think* this refers to the <html>...</html> stuff.
*kensanata* you can enable that in oddmuse, too.
*kensanata* and the element content will be included, raw.
*kensanata* so that is indeed a security risk.
<deego> ah, and <html> is not allowed by default?
*kensanata* exactly. [06:56]
<deego> cool! thanks
*kensanata* maybe i should document that, too, on the wiki. ;)
*kensanata* oh, it is!
*kensanata* http://www.emacswiki.org/cgi-bin/oddmuse.pl?HTML
*kensanata* ah, but no warning... [06:57]
*kensanata* i will add that, now.
<deego> oh, and i should rtfm :)
*kensanata* heh. i'm always interested in improving the manual. so thanks. :) [06:59]
*kensanata* just added it.
ERC>
-------------------------------------------------------------
Octave is freely available under the terms of the GNU GPL.
Octave's home on the web: http://www.octave.org
How to fund new projects: http://www.octave.org/funding.html
Subscription information: http://www.octave.org/archive.html
-------------------------------------------------------------
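
The default-deny behaviour discussed in the chat above (a limited tag subset by default, raw `<html>` content only when an administrator enables it), as an added Python example that is not oddmuse's or UseModWiki's code. `ALLOWED_TAGS`, `render` and the `raw_html` flag are hypothetical names, and the tag list is an assumption.

```python
import html
import re

# Hypothetical allowlist: attribute-free inline tags only (not oddmuse's actual list).
ALLOWED_TAGS = {"b", "i", "em", "strong", "code", "tt"}

# Matches an escaped bare tag such as &lt;b&gt; or &lt;/b&gt; (no attributes).
_ESCAPED_TAG = re.compile(r"&lt;(/?)([a-zA-Z][a-zA-Z0-9]*)&gt;")
# Matches a <html>...</html> block in the raw wiki source.
_RAW_BLOCK = re.compile(r"<html>(.*?)</html>", re.DOTALL | re.IGNORECASE)


def _render_safe(text: str) -> str:
    """Escape everything, then restore only allowlisted attribute-free tags."""
    escaped = html.escape(text, quote=True)

    def restore(m: re.Match) -> str:
        slash, name = m.group(1), m.group(2).lower()
        return f"<{slash}{name}>" if name in ALLOWED_TAGS else m.group(0)

    return _ESCAPED_TAG.sub(restore, escaped)


def render(text: str, raw_html: bool = False) -> str:
    """Render page text. raw_html=False is the safe default."""
    if not raw_html:
        return _render_safe(text)
    # Risky opt-in mode: content of <html> blocks is emitted verbatim,
    # so any editor of the page controls what other readers' browsers run.
    out, pos = [], 0
    for m in _RAW_BLOCK.finditer(text):
        out.append(_render_safe(text[pos:m.start()]))
        out.append(m.group(1))  # raw, unescaped
        pos = m.end()
    out.append(_render_safe(text[pos:]))
    return "".join(out)


# Constructed sample page text.
SAMPLE = 'A <b>bold</b> word, <a href="x">link</a>, <html><script>alert(1)</script></html>'
```

With the default, `render(SAMPLE)` keeps `<b>` but emits the link and the script block as escaped text; with `raw_html=True` the script element reaches the output unescaped.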