[dokuwiki] Re: somewhat urgent question - hiding contents in _media

  • From: Christopher Smith <chris@xxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Sun, 23 Mar 2008 19:06:58 +0000


On 23 Mar 2008, at 14:54, Tobias Eigen wrote:
Hi Andi,

It is now possible for unauthenticated people to access all the
contents of the _media path, including google. This is disastrous for
us as we have been using the wiki for internal discussions and
planning. We have namespaces set up to be public, and others set up to
be private. All content uploaded to the wiki, whatever the namespace,
is publicly visible.

Maybe I need to phrase the question another way: is it possible to
block direct access to the _media path, or to verify that you can only
access certain media if you are authenticated for that namespace?

Cheers,

Tobias


It's always been possible.  DW can't protect you from your webserver.

You have two main choices:
- prevent your webserver from directly serving the media files. The standard DW installation includes a ".htaccess" file that denies direct access to files in the data directory -- for webservers that understand them and are configured to use them (e.g. Apache).
- move your data directory outside your webroot.

More information can be found at http://wiki.splitbrain.org/wiki:security

- Chris
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
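
Added example, not part of the original post and not DokuWiki code: a local check that classifies a data directory against the two choices in the reply above (deny-all ".htaccess" in the data directory, or data directory outside the webroot). The directory names, the function names and the sample layouts are constructed for illustration.

```python
import os
import re
import tempfile

# Deny-all directives in Apache 2.2 and 2.4 syntax; commented lines do not match.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
                     re.IGNORECASE | re.MULTILINE)

def is_inside(child, parent):
    """True if child is parent or lies below it, after resolving symlinks."""
    child, parent = os.path.realpath(child), os.path.realpath(parent)
    return os.path.commonpath([child, parent]) == parent

def htaccess_denies(directory):
    """True if directory/.htaccess contains a deny-all directive."""
    try:
        with open(os.path.join(directory, ".htaccess"), encoding="utf-8",
                  errors="replace") as fh:
            return bool(DENY_RE.search(fh.read()))
    except OSError:
        return False

def audit(webroot, datadir):
    """Classify how datadir is shielded from direct web requests."""
    if not is_inside(datadir, webroot):
        return "outside-webroot"   # second choice: no URL maps to the files
    if htaccess_denies(datadir):
        return "htaccess-deny"     # first choice: depends on the server honouring it
    return "exposed"               # media files may be served without any ACL check

def demo():
    """Audit three constructed layouts built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = os.path.join(tmp, "htdocs")
        open_dir = os.path.join(webroot, "wiki_a", "data")
        guarded = os.path.join(webroot, "wiki_b", "data")
        moved = os.path.join(tmp, "srv", "wiki_c_data")
        for d in (open_dir, guarded, moved):
            os.makedirs(os.path.join(d, "media"))
        with open(os.path.join(guarded, ".htaccess"), "w") as fh:
            fh.write("# constructed sample\norder allow,deny\ndeny from all\n")
        return {name: audit(webroot, d) for name, d in
                (("open", open_dir), ("guarded", guarded), ("moved", moved))}

if __name__ == "__main__":
    print(demo())
```

A "htaccess-deny" result only shows that the file is in place; since the web server may be configured to ignore ".htaccess", confirm it by requesting a known media file without logging in.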
