Manual talk:Security

Question - I've been playing around with starting a Wiki with Wikimedia, but I'm only moderately knowledgable in these matters; furthermore, the site is managed through a hosted server, so I don't know if I have any say over Apache settings. Can some of this be rendered a little more applicable for similar situations? And can it also be made a little more dummy-friendly? Thanks.


 * Yeah it would be useful to keep this page applicable to users using shared/virtual hosting environments. These may not support huge wikis, but would be suitable for some small group collaborations.  And perhaps some of the repitition from this page could be removed. -- SimonEast 05:34, 4 Aug 2004 (UTC)

javascript attacks
You may wish to serve HTML pages as plaintext to prevent cookie-stealing JavaScript attacks.

Huh. Won't this break a lot of things? Or does this apply only to the upload directory (as the code might suggest)? And doesn't Microsoft's browser treat URLs ending in .htm as web pages anyway? An example of the attack might clarify what is going on here. --Nealmcb 02:50, 26 Jul 2004 (UTC)

User accounts
It would be nice to have some indication on how to disable user account creation or at least to prevent people from doing so from outside of a certain domain. For now it seems that all this security stuff is useless and that there is a big Hack here written on the accounts creation page.

--Osyluth 04:39, 2 Aug 2004 (UTC)