Andreas Gohr wrote:
> Chuck Soper writes:
>
>> Is the "wiki:security" page up to date?
>
> Yes, however keep in mind that most things there are recommended
> precautions but not strictly necessary.
>
>> What is the best way to ensure that my DokuWiki is secure and protected?
>
> Set up a restrictive ACL and make sure file permissions are set to a
> bare minimal needed value. The latter might be difficult for you to do
> on a shared host, depending on how the Webserver/PHP was set up. See
> http://wiki.splitbrain.org/wiki:install:permissions for details.

Chuck wants his wiki protected from "other users at my web host from viewing or modifying any part of the wiki".

I don't have much experience with secured shared web hosting, but on a plain vanilla Linux, my understanding is that you usually have PHP run in the process space of Apache (and hence it shares the security context Apache is run with). If you just have a bunch of virtual hosts set up, they will all run under the same context, so all PHP scripts can access precisely the same files.

I am ignorant of how shared web hosting works in practice, but what you need to do is somehow tie different uids to different Apache processes. This *would* be done using the perchild module, adding the AssignUserID directive in the virtual host section, and the ChildPerUserID in the global section of the Apache conf file. I say "would" because the perchild mod does not work yet.

I understand that if you run Apache in CGI mode, you can wrap it with a setuid program. However, for performance reasons, I don't know that many web hosting companies would actually do this. I would check it out with them. (Actually I would probably just write a PHP script to try reading someone else's files :) ).

Ultimately you would have to trust anyone with the root password on the shared web host.

Regards,
Luke

--
DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist
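An added example, not part of the original message and not DokuWiki code: a Python audit of your own wiki directory that reports what a given uid (for instance the account the shared web server runs PHP under) can read or write according to the POSIX mode bits. The function names and command-line arguments are hypothetical, the wiki root itself is assumed to be reachable, and ACLs or other host-specific controls are not evaluated.

```python
import os
import stat
import sys

def effective_bits(st, uid, gids):
    """Return the rwx bits (0-7) the mode grants to uid/gids on one inode."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7      # owner class applies
    if st.st_gid in gids:
        return (mode >> 3) & 7      # group class applies
    return mode & 7                 # everyone else

def audit(root, uid, gids):
    """List (path, access) for entries under root that the identity can
    read or write; access is 'r', 'w' or 'rw'."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in list(dirnames) + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue            # a symlink's own mode is not meaningful
            bits = effective_bits(st, uid, gids)
            if stat.S_ISDIR(st.st_mode) and not bits & 1:
                dirnames.remove(name)   # no search bit: contents unreachable
            access = ("r" if bits & 4 else "") + ("w" if bits & 2 else "")
            if access:
                findings.append((path, access))
    return sorted(findings)

if __name__ == "__main__":
    # usage (assumed): audit.py <wiki_root> <uid> [<gid> ...]
    root, uid = sys.argv[1], int(sys.argv[2])
    gids = {int(g) for g in sys.argv[3:]}
    for path, access in audit(root, uid, gids):
        print(f"{access:2}  {path}")
```

Run it against your own install with the uid and gids your host's web server uses; every entry listed is available to any PHP script that shares that account.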