TWiki Security for Public Sites
Overview
The purpose of this topic is to list recommended practices to help assure security (or at least minimize risk) of using TWiki in public web sites. This was prompted in the aftermath of SecurityAlertExecuteCommandsWithSearch and follow-up discussions regarding potential vulnerabilities of TWiki used in public sites. Recommended Actions/Practices:- Install fix described in SecurityAlertExecuteCommandsWithSearch if you are using a version older then TWikiRelease02Sep2004
- Stay current with TWikiSecurityAlerts by subscribing to TWikiAnnounceMailingList. (duh!)
- Don't place the data directory under apache document root.
- LynnwoodBrown - 30 Nov 2004
Discussion & Comments
Resources:- Penetration Testing http://www.blackhat.com/presentations/bh-usa-01/IvanAcre/bh-usa-01-Ivan-Arce.ppt
- PWC Security Framework http://www.masoftware.org/download/verweij11-09.ppt
- Improving Web Application Security http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/threatcounter.asp
| BasicForm | |
|---|---|
| TopicClassification | TWikiDeployment |
| TopicSummary | Recommended security practices for using TWiki for public web sites. |
| InterestedParties | |
| RelatedTopics | TWikiSecurity, SecureSetup, TWikiSecurityAlerts, TWikiAnnounceMailingList, TWikiOnWebHostingSites, TaintChecking |
Topic revision: r4 - 2004-12-06 - PeterThoeny
Site map
Blog web
Create New Topic
Index
Search
Advanced search
My topics of interest
Changes
Major changes only
All tags
Notifications
RSS Feed
Statistics
Preferences
Community 
Readme first
Developers News
How you can help
Community roles
#twiki IRC
Lima Release
Feature Proposals
Bugs Changes
Categories 
Account 
Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.