[dokuwiki] Re: plugin deletion

  • From: Myron Turner <turnermm02@xxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Sun, 06 Feb 2011 10:53:24 -0600

On 2/6/2011 10:38 AM, Michael Hamann wrote:

Excerpts from Myron Turner's message of 2011-02-06 17:04:22 +0100:
The 'safe' and 'non-safe' designations refer to the fnencoding safe
protocol, and not to whether or not the file browser is safe.  I do have
an .htaccess rule in the directory where the symbolic links occur which
prevents indexing.  So this prevents the media directory from being
viewed by http.

I've read that together with the comment "fckgLiteSafe also has an enhanced
file browser with greater security." - that's why I assumed there
actually was a difference in security.

As of this morning fckgLite was downloaded 14861 times from 4470
unique IPs. It is being used in all kinds of contexts, wherever
Dokuwiki is used.  There have not been any recent complaints about
security. I did have early complaints and there was in fact a time when
it wasn't "safe" in the sense that you mean it, but over the course of
the year and a half that it has been in development, I've worked hard to
address the security concerns.  In fact, access to the media
directory--not the data directory itself--does have an http security
flaw which I haven't figured out a way to correct, but I have made this
clear in the documentation and provided ways for administrators to deal
with it.

My problem is not that the media directory is accessible, that can be
okay, my problem is that there is no prominent place where I can read
that. I've now found the information on the discussion page and some
tiny bits on
I think it would be good to include that documentation in the plugin
page itself because imho most people won't read the discussion page or
the whole documentation before installing the plugin.

That's a good idea, and I will do it so that the issues are right out front.

Myron Turner

