The recent scare, where TWiki was responsible for permitting local access to machines where a 2.4 kernel bug could be exploited, is bound to lead to a crisis of confidence in TWiki. We know TWiki is aimed at the corporate market, and it's a price you pay for flexibility - that there are potential vulnerabilities. However TWiki is widely used on the internet (at least 688 googlable installations) so any security flaws become very high profile. Whether there will be any internet installations when the dust settles, remains to be seen.
The proposal (which would be a ChangeProposal if it could be) is to perform an aggressive security audit on TWiki, plug the holes that can be plugged, and provide options to disable other functionality that is vulnerable.
To do this effectively requires many eyes looking at the code.
AndrewMoise and FlorianWeimer have already taken the initiative on this, and have already been doing really good work. Developers need to respond to the issues raised, and fix the holes.
Personally, I consider this as critical for DakarRelease.
-- CrawfordCurrie - 23 Nov 2004
Crawford, should this be merged into TWikiCodebaseSecurityAudit?
-- MattWilkie - 25 Nov 2004
I completely agree this is critical for DakarRelease, to restore TWiki's reputation as a safe place to put data - even more critical in people's minds in an intranet TWiki than an Internet, even though the threats are higher on the Internet.
Since some enterprises are using TWiki for extranet purposes with customers, this could also affect corporate users, of course.
-- RichardDonkin - 25 Nov 2004