summaryrefslogtreecommitdiff
path: root/doc/security.mdwn
AgeCommit message (Collapse)Author
2008-04-10Fix CSRF attacks against the preferences and edit forms. Closes: #475445Joey Hess
The fix involved embedding the session id in the forms, and not allowing the forms to be submitted if the embedded id does not match the session id. In the case of the preferences form, if the session id is not embedded, then the CGI parameters are cleared. This avoids a secondary attack where the link to the preferences form prefills password or other fields, and the user hits "submit" without noticing these prefilled values. In the case of the editpage form, the anonok plugin can allow anyone to edit, and so I chose not to guard against CSRF attacks against users who are not logged in. Otherwise, it also embeds the session id and checks it. For page editing, I assume that the user will notice if content or commit message is changed because of CGI parameters, and won't blndly hit save page. So I didn't block those CGI paramters. (It's even possible to use those CGI parameters, for good, not for evil, I guess..) The only other CSRF attack I can think of in ikiwiki involves the poll plugin. It's certianly possible to set up a link that causes the user to unknowingly vote in a poll. However, the poll plugin is not intended to be used for things that people would want to attack, since anyone can after all edit the poll page and fill in any values they like. So this "attack" is ignorable.
2008-04-10fix what I think is a typoJoey Hess
2008-02-20add CVE idsJoey Hess
2008-02-10some updates about the recent holeJoey Hess
2008-02-10a few thoughts on data: securityJoey Hess
2008-02-10document security fixJoey Hess
The backported fix for stable is tagged and waiting for the security team to upload.
2007-12-22typoJoey Hess
2007-11-27moreJoey Hess
2007-11-27remove svn-ismsJoey Hess
2007-11-27add some documentation about how to safely allow multiple committers to anJoey Hess
ikiwiki git repository
2007-11-26releasing version 2.14Joey Hess
2007-03-21* Fix a security hole that allowed insertion of unsafe content via the metajoey
plugins's support for inserting html link and meta tags. Now such content is passed through the htmlscrubber like everything else. * Unfortunatly, that means that some valid uses of those tags are no longer usable, and special case methods needed to be added for including stylesheets, and for doing openid delegation. If you use either of these in your wiki, it will need to be modified. See the meta plugin docs for details.
2007-03-21* Fix a few bugs around page titles containing html. The worst of thesejoey
is an actual security hole as it allows insertion of html into the title element of a page, which is not processed by the htmlscrubber.
2007-02-14document recent security holejoey
2006-12-27web commit by JeremyReed: typo fixjoey
2006-11-21web commit by http://id.kurokatta.org/david: Copyedit.joey
2006-10-22some notes about the security (or lack thereof) of pluginsjoey
2006-08-28* Add toc (table of contents) plugin.joey
2006-08-28updatejoey
2006-08-27* Patch from James Westby to add a --sslcookie switch, which forcesjoey
cookies to only be sent over ssl connections to avoid interception. * Factor out the cgi header printing code into a new function. * Fix preferences page on anonok wikis; still need to sign in to get to the preferences page.
2006-08-23* Allow preprocessor directives to contain python-like triple-quotedjoey
text blocks, for easy nesting of quotes inside. * Add a template plugin. * Use the template plugin to add infoboxes to each plugin page listing basic info about the plugin.
2006-08-18updatejoey
2006-08-05misc changesjoey
2006-08-02releasing version 1.13joey
2006-07-30security notejoey
2006-07-02web commit by ThomasSchwinge: Typo fixes.www-data
2006-07-02web commit by joeywww-data
2006-07-02* Parse svn log as xml for improved utf8 and security. Note that this makesjoey
ikiwiki depend on XML::Simple. Patch by Faidon Liambotis.
2006-06-01* More security review.joey
2006-05-26typojoey
2006-05-05* Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubberjoey
and --disable-plugin htmlscrubber.
2006-05-02* Added plugin system, currently only supporting for PreProcessorDirectives.joey
* Added a pagecount plugin, enabled by default. * Support PreProcessorDirectives with no parameters, ie "[[pagecount ]]". * Fixed/optimised backlinks code, to avoid rebuilding pages to update backlinks when the backlinks hadn't really changed. * Moved inline page support, rss generation etc into the inline plugin, enabled by default. * Added brokenlinks plugin, not enabled by default, but rather handy. * Fix several broken links in the doc wiki.
2006-04-25web commit by joeywww-data
2006-04-25web commit by joeywww-data
2006-04-25security updatejoey
2006-04-25web commit by joeywww-data
2006-04-25web commit by joeywww-data
2006-04-25web commit by joeywww-data
2006-04-25implemented html sanitisationjoey
2006-04-25web commit by joeywww-data
2006-04-24updatejoey
2006-04-24updatejoey
2006-03-29improve fix for symlink attacks to check subdirectories for symlinks toojoey
before writing
2006-03-29Implemented --underlaydir, and moved files provided by underlay out of docjoey
so I don't need to maintain two copies anymore. You might also want to remove the files provided in the basewiki underlay from your wiki, if you have not created custom local versions of them, so that these pages will be automatically updated in future ikiwiki upgrades.
2006-03-26added --getctimejoey
2006-03-23found & fixed another symlink attackjoey
2006-03-23added adminuser settings, globlist support, and used this to implement pagejoey
locking
2006-03-19web commit by joeywww-data
2006-03-19web commit by joeywww-data
2006-03-19web commit by joeywww-data