[dokuwiki] Re: Locking down a dokuwiki install

On Mon, 30 Jan 2006 09:21:43 -0600
Mark McCoy <realmcking@xxxxxxxxx> wrote:

> 1. turned on ACLs, and used just one rule >> *  @ALL 1
> 2. empty user.auth.php
> 3. edited doku.php and commented out the lines that respond to the
> "?do=" HTTP_REQUEST and the doku http header (lines 23 and 40 in the
> 2005-09-22 source).  This ensures that the users can't go to any
> edit/admin/etc... any of the pages.
> 4. using system-level file permissions to make the data pages
> read-only for web server uid/gid
> 
> So, does this sound reasonable, and are there any gotchas/pitfalls
> that I may have missed along the way?

Sounds perfectly valid to me. The only probably more secure method
would be to spider your internal server with a tool like httrack and
upload static html pages to the external one.

Andi

-- 
http://www.splitbrain.org
-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
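
A way to verify items 1, 2 and 4 of the quoted list after a deployment, as an added example that is not part of the original thread or of DokuWiki itself. It assumes the ACL and user files use `#` comment lines with whitespace-separated ACL fields and colon-separated user fields; the function names are hypothetical.

```python
import os
import stat

EXPECTED_RULE = ["*", "@ALL", "1"]  # the single rule quoted in the post

def active_lines(text):
    """Non-empty lines with '#' comments stripped (assumed file format)."""
    lines = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    return [line for line in lines if line]

def check_acl(text):
    """Findings for any rule other than read-only access for @ALL on '*'."""
    rules = [line.split() for line in active_lines(text)]
    findings = ["unexpected ACL rule: " + " ".join(r)
                for r in rules if r != EXPECTED_RULE]
    if EXPECTED_RULE not in rules:
        findings.append("missing rule: * @ALL 1")
    return findings

def check_users(text):
    """The user file should define no accounts at all."""
    return ["account defined: " + line.split(":", 1)[0]
            for line in active_lines(text)]

def writable_paths(root, uid, gids):
    """Files and directories under root that mode bits let uid/gids write.

    Plain permission bits only: POSIX ACLs and root are not considered.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are meaningless
            if st.st_uid == uid:
                bit = stat.S_IWUSR
            elif st.st_gid in gids:
                bit = stat.S_IWGRP
            else:
                bit = stat.S_IWOTH
            if st.st_mode & bit:
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample: the intended rule plus one leftover edit grant.
    sample_acl = "# acl.auth.php\n*  @ALL 1\nwiki:*  @user 2\n"
    print(check_acl(sample_acl))
    print(check_users("# users file, constructed\n"))
```

Directories are checked as well as files, because a directory the web server can write to lets it replace a read-only page file.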
