[dokuwiki] Re: making DokuWiki secure on a shared web host

  • From: Chuck Soper <chucks2@xxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Sun, 19 Aug 2007 10:55:10 -0700

I'm sorry for my delayed responses. Thanks for everyone's help. I have a few more questions below...


At 9:36 PM +0200 8/7/07, Andreas Gohr wrote:
On Tue, 7 Aug 2007 11:39:06 -0700
Chuck Soper <chucks3@xxxxxxxxxx> wrote:

 >The mod_rewrite rules can be placed in your .htaccess file.

 Is this a good approach? Could someone possibly help me with the
 rules required for my .htaccess file? Or, do you know a good web site
 for learning more about .htaccess?

DokuWiki comes with an example .htaccess.dist - just rename it and look
at the comments inside. Should be pretty obvious what to do. If not, see
wiki:rewrite.


1. Permissions:
I uncommented the lines in the .htaccess file that comes with the distribution. (This file was named ".htaccess" rather than ".htaccess.dist".) Does this take care of my permissions or do I manually set the directory permissions as well? My web host told me this: "Regarding permissions, all your directories should have 755 permissions and all your files should have 644 permissions. Data files and directories (which will not be accessed directly by the web browser, but will be accessed by your application) can have 600 and 700 directories respectively.

The mod_rewrite rules can be placed in your .htaccess file."

I'm not sure which DokuWiki files/directories are considered data (which will not be accessed directly by the web browser, but will be accessed by your application). I think that they're listed somewhere.

2. Forcing HTTPS at login:
To force HTTPS at login, I added these lines to the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{QUERY_STRING} do=log
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R,QSA,L]

The following page said to add these lines to my apache.conf file. I asked my web host where my apache.conf file is and they told me to add the lines to my .htaccess file.
http://wiki.splitbrain.org/wiki:security#forcing_https_at_login

3. Registration:
I need to control read/write access for my wiki. It seems like there are two ways to do this:

r1. Disable the Register button by adding the following line to conf/local.php:
   $conf['disableactions'] = 'register';
Doing this would require me to add users. I discovered that line here: http://wiki.splitbrain.org/wiki:acl?s=register#configuration

r2. Password protect my wiki directory. This seems like the best solution, but I'm not entirely sure how to implement this. I think that using .htaccess is the most common way. I'll ask my web host for help. Any suggestions would be appreciated. Thanks.

 >>Unfortunately, I'm not a PHP developer. Will I need a PHP developer
 >>to set up dokuwiki to be secure?
 >No! Of course not.
 Good. When I look over the DokuWiki documentation I do see lots of
 PHP code.

DokuWiki docs will usually start with a general description of a
feature and how to use it as a user. Then a more in-depth description of
how a feature is implemented follows. This is to help people who like
to make full use of the Open Source nature of DokuWiki by modifying the
code to their likeness.

Andi

Sounds good. Thanks.

Chuck
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
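
Added example, not part of the original message: a shell check of a directory tree against the permission scheme the web host describes in item 1 (directories 755 and files 644, data directories 700 and data files 600). The names audit_perms and audit_demo, the constructed sample tree and the choice of "data" as the data directory are assumptions; the message does not say which DokuWiki directories count as data.

```shell
#!/bin/sh
# audit_perms ROOT [DATA_DIR...]
# Lists every file and directory under ROOT whose mode differs from the
# scheme quoted in item 1: directories 755 / files 644 for the web-served
# tree, directories 700 / files 600 under each DATA_DIR (relative to ROOT).
# Paths containing newlines are not supported.
audit_perms() {
    root=${1%/}; shift
    find "$root" \( -type d -o -type f \) | while IFS= read -r path; do
        want_dir=755; want_file=644
        for d in "$@"; do
            case $path in
                "$root/$d"|"$root/$d"/*) want_dir=700; want_file=600 ;;
            esac
        done
        if [ -d "$path" ]; then want=$want_dir; else want=$want_file; fi
        # GNU stat first, BSD stat as fallback
        have=$(stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path")
        [ "$have" = "$want" ] || printf '%s %s (expected %s)\n' "$have" "$path" "$want"
    done
}

# Constructed sample tree (not a real installation). "data" as the data
# directory is an assumption made for this demo.
audit_demo() {
    t=$(mktemp -d)
    mkdir -p "$t/wiki/lib" "$t/wiki/data/pages"
    : > "$t/wiki/doku.php"
    : > "$t/wiki/data/pages/start.txt"
    chmod 755 "$t/wiki" "$t/wiki/lib"
    chmod 644 "$t/wiki/doku.php"
    chmod 700 "$t/wiki/data"
    chmod 755 "$t/wiki/data/pages"            # deliberately too open
    chmod 644 "$t/wiki/data/pages/start.txt"  # deliberately too open
    (cd "$t" && audit_perms wiki data)
    rm -rf "$t"
}

audit_demo
```

An empty result from audit_perms means every path matches the scheme; each printed line gives the current mode, the path and the expected mode.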
