[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: wiki on sf [was Re: C++ functions]

From: D. Goel
Subject: Re: wiki on sf [was Re: C++ functions]
Date: 04 Jun 2003 07:03:53 -0400
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

>   Hello,
> I will ask our admin if I can set up a wiki here.
> In the meantime, I see, in the README of usemod-wiki :
> ======================================================================
> Security:


>   Is oddmuse more secure? Or can one (do we want to?) limit the access
> to octave-forge users?

I just asked the oddmuse author (Alex Schroeder, who i am CCing) --->

<deego> hi kensanata                                                    [06:52]
<deego> i have a Q reg. oddmuse
<deego> usemod README says:
<deego> Wiki administrators should be aware of the risks of enabling the HTML
<deego> or email options in UseModWiki.  Permitting full HTML editing allows a
<deego> malicious user to cause the browsers of other users to execute
<deego> arbitrary Javascript, Java applets, or other possible sources of
<deego> security holes.
<deego> The email option could be misused to send annoying
<deego> mail to third parties (since no validation is done on the email
<deego> addresses entered into the Preferences page).  These options may be
<deego> useful for small trusted groups, but they are not advised for wikis
<deego> open to the general public.
<deego> does oddmuse also allow arbitrary html? and so arbit. java and jv?

*kensanata* well, i removed the mail stuff, so that is one problem solved.  :)
*kensanata* as to the tags, by default only a very limited subset is allowed.

<deego> ah

*kensanata* (on the phone)
*kensanata* (back)                                                      [06:55]

*kensanata* i *think* this refers to the <html>...</html> stuff.
*kensanata* you can enable that in oddmuse, too.
*kensanata* and the element content will be included, raw.
*kensanata* so that is indeed a security risk.
<deego> ah, and <html> is not allowed by default?
*kensanata* exactly.                                                    [06:56]
<deego> cool!  thanks
*kensanata* maybe i should document that, too, on the wiki.  ;)
*kensanata* oh, it is!
*kensanata* ah, but no warning...                                       [06:57]
*kensanata* i will add that, now.
<deego> oh, and i should rtfm  :)
*kensanata* heh.  i'm always interested in improving the manual.  so thanks.
            :)                                                          [06:59]
*kensanata* just added it.

Octave is freely available under the terms of the GNU GPL.

Octave's home on the web:
How to fund new projects:
Subscription information:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]