Manual talk:Security

Question - I've been playing around with starting a Wiki with Wikimedia, but I'm only moderately knowledgable in these matters; furthermore, the site is managed through a hosted server, so I don't know if I have any say over Apache settings. Can some of this be rendered a little more applicable for similar situations? And can it also be made a little more dummy-friendly? Thanks.

javascript attacks
You may wish to serve HTML pages as plaintext to prevent cookie-stealing JavaScript attacks.

Huh. Won't this break a lot of things? Or does this apply only to the upload directory (as the code might suggest)? And doesn't Microsoft's browser treat URLs ending in .htm as web pages anyway? An example of the attack might clarify what is going on here. --Nealmcb 02:50, 26 Jul 2004 (UTC)