author www-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-04-25 03:30:19 +0000
committer www-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-04-25 03:30:19 +0000
commit dc558930f28bbef69c49e4b4c5237e0dea4bd38c
tree a7c2331b853ecefab1151e864d63194fe8fa04ee /doc
parent ad775874a34884bf139959d0d8de2ebe56f22bd5
web commit by joey
Diffstat (limited to 'doc')
-rw-r--r-- doc/security.mdwn 42
1 files changed, 24 insertions, 18 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 00b8e8824..3c85f57de 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -10,10 +10,10 @@ to be kept in mind.
## XSS holes in CGI output
-ikiwiki has not yet been audited to ensure that all cgi script output is
+ikiwiki has not yet been audited to ensure that all cgi script input/output is
sanitised to prevent XSS attacks.
-## image files etc attacks
+## image file etc attacks
If it enounters a file type it does not understand, ikiwiki just copies it
into place. So if you let users add any kind of file they like, they can
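Review bot: the heading above the changed sentence still reads "XSS holes in CGI output" although the sentence now covers "cgi script input/output"; rename the heading to match, or say what input is in scope for the audit. The context line "If it enounters a file type" also has a typo ("encounters") that could be fixed in the same edit.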
@@ -23,11 +23,23 @@ who's viewing the wiki, that can be a security problem.
Of course nobody else seems to worry about this in other wikis, so should we?
-## web server attacks
+## svn commit logs
-If your web server does any parsing of special sorts of files (for example,
-server parsed html files), then if you let anyone else add files to the wiki,
-they can try to use this to exploit your web server.
+Anyone with svn commit access can forge "web commit from foo" and make it
+appear on [[RecentChanges]] like foo committed. One way to avoid this would
+be to limit web commits to those done by a certian user.
+
+It's actually possible to force a whole series of svn commits to appear to
+have come just before yours, by forging svn log output. This could be
+guarded against by using svn log --xml.
+
+ikiwiki escapes any html in svn commit logs to prevent other mischief.
+
+----
+
+# Potential gotchas
+
+Things not to do.
## multiple accessors of wiki directory
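Review bot: "certian" in the added line "be to limit web commits to those done by a certian user." should be "certain". The two mitigations in the new "svn commit logs" section are worded as "would be" and "could be guarded against", which leaves it unclear whether either is in place; say explicitly whether the user restriction and the use of svn log --xml are implemented, so readers know how far to trust the attribution shown on RecentChanges.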
@@ -43,18 +55,6 @@ Setup files are not safe to keep in subversion with the rest of the wiki.
Just don't do it. [[ikiwiki.setup]] is *not* used as the setup file for
this wiki, BTW.
-## svn commit logs
-
-Anyone with svn commit access can forge "web commit from foo" and make it
-appear on [[RecentChanges]] like foo committed. One way to avoid this would
-be to limit web commits to those done by a certian user.
-
-It's actually possible to force a whole series of svn commits to appear to
-have come just before yours, by forging svn log output. This could be
-guarded against by using svn log --xml.
-
-ikiwiki escapes any html in svn commit logs to prevent other mischief.
-
## page locking can be bypassed via direct svn commits
A [[lock]]ed page can only be edited on the web by an admin, but
@@ -62,6 +62,12 @@ anyone who is allowed to commit direct to svn can bypass this. This is by
design, although a subversion pre-commit hook could be used to prevent
editing of locked pages when using subversion, if you really need to.
+## web server attacks
+
+If your web server does any parsing of special sorts of files (for example,
+server parsed html files), then if you let anyone else add files to the wiki,
+they can try to use this to exploit your web server.
+
----
# Hopefully non-holes
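Review bot: the relocated "web server attacks" section now falls under the "Potential gotchas" heading added earlier in this patch, whose lead line is "Things not to do.", but the paragraph names the risk without saying what not to do. Add a sentence with the action, for example not enabling server parsed html for the directory the wiki is published to when other people can add files.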