Question

My question is general. By definition and with intent, Twiki is clearly very open. What security is in place or optional? Can it be configured to prevent users from calling externally hosted scripts (e.g. javascript) that could potentially be malicious? What options are there to enable open collaboration while protecting the OS and connected infrastructure from malicious intent?

Environment

-- TWikiGuest - 02 Jul 2004

Answer

Q

What security is in place or optional?

A

Lots. RTFM.

Q

Can it be configured to prevent users from calling externally hosted scripts (e.g. javascript) that could potentially be malicious?

A

Not clear what you mean. If you mean "can I filter URLs", the answer is you would have to write code. If that isn't the question, what is?

Q

What options are there to enable open collaboration while protecting the OS and connected infrastructure from malicious intent?

A

RTFM, and the Apache/other webserver manuals.

-- CrawfordCurrie - 03 Jul 2004

TWiki has many security options needed in a corporate environment. It is unlikely that the underlying file system can get compromized.

You can create groups and lock down individual pages are whole webs. Collaboration works best without too many restrictions; there is however a psychological barrier to open up content. See TWikiAccessControl

-- PeterThoeny - 03 Jul 2004