Recent Changes - Search:

OTRR Wiki Home Page

Old Time Radio Researchers Group


FirstLines /
21stPrecinct
Firstlines /
Abbottandcostello
FirstLines /
AbbottAndCostello
AirAdventuresJimmieAllen
AldrichFamily
AllStarWesternTheatre
AmosAndy
ArchieAndrews
Blondie
BoldVenture
BoldVentureZIVSequence
BostonBlackie
Box13
BulldogDrummond
Contribs
Counterspy
DangerDoctorDanfield
DangerousAssignment
DangerousAssignmentBackup
DannyKayeShow
DeMarco
DimensionX
Firstlines /
Firstlines
FirstLines /
FredAllenFredAllenShow
FredAllenHourOfSmiles
FredAllenLinitBathClubRevue
FredAllenSaladBowlRevue
FredAllenSalHepaticaRevue
FredAllenShow
FredAllenShowOneLog
FredAllenTexacoStarTheater
FredAllenTownHallTonight
FrontierGentleman
GreatGildersleeveHaroldPeary
GreatGildersleeveWillardWaterman
Gunsmoke
HallsOfIvy
HaveGunWillTravel
HomePage
InnerSanctum
JackBennyProgram01
JackBennyProgram02
JackBennyProgram03
JackBennyProgram04
JackBennyProgram05
JonathanThomasChristmasOnTheMoon
LineUp
LukeSlaughter
LumAndAbner1
ManCalledX
MrMrsNorth
OnStage
OzzieAndHarriet
PatNovakForHire
ProudlyWeHail
RadioGOLDINdex
RichardDiamond
RichardDiamondPrivateDetective
RoguesGallery
StewartMessage
SuspensePartOne
SuspensePartTwo
TemplateScript
ThatHammerGuy
TheAdventuresOfSuperman
TheAdventuresOfSupermanPageEight
TheAdventuresOfSupermanPageFive
TheAdventuresOfSupermanPageFour
TheAdventuresOfSupermanPageOne
TheAdventuresOfSupermanPageSeven
TheAdventuresOfSupermanPageSix
TheAdventuresOfSupermanPageThree
TheAdventuresOfSupermanPageTwo
TheaterFive
TheCoupleNextDoor01
TheGreenHornet
TheGreenHornetPageFour
TheGreenHornetPageOne
TheGreenHornetPageThree
TheGreenHornetPageTwo
TheHallsOfIvy
TheManCalledX
TheSixShooter
VicAndSade
WildBillHickok
YouBetYourLife


CertFirstLines /
AddressUnknown
BabeRuthCollection
BarrieCraigConfidentialInvestigator
BarrieCraigConfidentialInvestigatorPage01
BarrieCraigConfidentialInvestigatorPage02
BarrieCraigConfidentialInvestigatorPage03
BarrieCraigConfidentialInvestigatorPage04
BarrieCraigConfidentialInvestigatorPage10
BarrieCraigConfidentialInvestigatorPage15
BarrieCraigConfidentialInvestigatorPage99
BarrieCraigConfidentialInvestigatorPageFooter
BehindTheScene
BigShow
BlackMuseum
BlairOfTheMounties
BlueBeetle
Box13
BrightStar
BroadwaysMyBeat
BroadwaysMyBeatFooter
BroadwaysMyBeatPage01
BroadwaysMyBeatPage02
BroadwaysMyBeatPage03
BroadwaysMyBeatPage10
BroadwaysMyBeatPage15
BroadwaysMyBeatPage99
CandyMatsonYukon28209
CaseDismissed
CavalcadeOfAmerica
CavalcadeOfAmericaPage01
CavalcadeOfAmericaPage02
CavalcadeOfAmericaPage03
CavalcadeOfAmericaPage04
CavalcadeOfAmericaPage05
CavalcadeOfAmericaPage06
CavalcadeOfAmericaPage07
CavalcadeOfAmericaPage08
CavalcadeOfAmericaPage10
CavalcadeOfAmericaPage15
CavalcadeOfAmericaPage99
CavalcadeOfAmericaPageFooter
CavalcadeOfKings
Chase
ChetChettersTalesFromTheMorgue
CinnamonBear
CloakAndDagger
ClydeBeattyShow
CrimeClassics
CruiseOfThePollParrot
DangerouslyYours
DangerWithGrainger
DarkFantasy
DayOfTheTraffids
DevilAndMrO
Dragnet
DragnetPage01
DragnetPage02
DragnetPage03
DragnetPage04
DragnetPage10
DragnetPage15
DragnetPage99
DragnetPageFooter
DrJekyllAndMrHyde
FalconTheAdventuresOfThe
FalconTheAdventuresOfTheFooter
FalconTheAdventuresOfThePage01
FalconTheAdventuresOfThePage02
FalconTheAdventuresOfThePage03
FalconTheAdventuresOfThePage04
FalconTheAdventuresOfThePage05
FalconTheAdventuresOfThePage06
FalconTheAdventuresOfThePage10
FalconTheAdventuresOfThePage15
FalconTheAdventuresOfThePage99
FamilyDoctor
FatMan
FatManFooter
FatManPage01
FatManPage02
FatManPage03
FatManPage10
FatManPage15
FatManPage99
FifthHorseman
FireFighters
FiveMinuteMysteries
FortLaramie
FrontierGentleman
GoodNewsOf
GreenValleyLine
HallsOfIvy
HallsOfIvyFooter
HallsOfIvyPage01
HallsOfIvyPage10
HallsOfIvyPage15
HelloAmericans
HillbillyBoys
HomePage
IncredibleButTrue
InTheNameOfTheLaw
ItSticksOutHalfAMile
LetGeorgeDoIt
LetGeorgeDoItFooter
LetGeorgeDoItPage01
LetGeorgeDoItPage02
LetGeorgeDoItPage03
LetGeorgeDoItPage04
LetGeorgeDoItPage10
LetGeorgeDoItPage15
LetGeorgeDoItPage99
LukeSlaughterOfTombstone
MayorOfTheTown
MrKeenTracerOfLostPersons
MrPresident
MysteryHouse
NeroWolfeTheNewAdventuresOf
Nightwatch
PhilipMarloweBBC
PhilipMarloweTheAdventuresOf
PhilipMarloweTheAdventuresOfFooter
PhilipMarloweTheAdventuresOfFootnote
PhilipMarloweTheAdventuresOfPage01
PhilipMarloweTheAdventuresOfPage02
PhilipMarloweTheAdventuresOfPage03
PhilipMarloweTheAdventuresOfPage10
PhilipMarloweTheAdventuresOfPage15
PhilipMarloweTheAdventuresOfPage90
PhilipMarloweTheAdventuresOfPage99
PhilipMarloweTheAdventuresOfSpecialNote
PhiloVance
PlanetMan
PoliceHeadquarters
PopeyeTheSailor
PrivateFilesOfRexSaunders
QuietPlease
RadioHallOfFame
RedBookDramas
RichardDiamondPrivateDetective
RockyFortune
SamSpadeTheAdventuresOf
SealedBook
SecretAgentK7
SecretsofScotlandYard
ShellChateau
SherlockHolmesConwayAndBruce
SherlockHolmesRathboneAndBruce
SilentMen
SixShooter
SkyKing
SmithsOfHollywood
StandByForCrime
StrokeOfFate
Whitehall1212
WorldAdventurersClub
YoursTrulyJohnnyDollar
YoursTrulyJohnnyDollarFooter
YoursTrulyJohnnyDollarPage01
YoursTrulyJohnnyDollarPage02
YoursTrulyJohnnyDollarPage03
YoursTrulyJohnnyDollarPage04
YoursTrulyJohnnyDollarPage05
YoursTrulyJohnnyDollarPage06
YoursTrulyJohnnyDollarPage07
YoursTrulyJohnnyDollarPage08
YoursTrulyJohnnyDollarPage09
YoursTrulyJohnnyDollarPage10
YoursTrulyJohnnyDollarPage11
YoursTrulyJohnnyDollarPage12
YoursTrulyJohnnyDollarPage99

Security


Aspects of PmWiki security are found on the following pages:

Pages distributed in a PmWiki release:

  • Passwords General use of passwords and login
  • Passwords Admin More password options for the administrator
  • AuthUser Authorization system that uses usernames and passwords
  • Url Approvals Require approval of Url links
  • Site Analyzer
  • Blocklist Blocking IP addresses, phrases, and expressions to counteract spam and vandalism.
  • Notify Allows a site administrator to configure PmWiki to send email messages whenever pages are changed on the wiki site
  • Security variables variables crucial for site security

Cookbook Pages

How do I report a possible security vulnerability of PmWiki?

Pm wrote about this in a post to pmwiki-users from September 2006. In a nutshell he differentiates two cases:

  1. The possible vulnerability isn't already known publicly: In this case please contact us by private mail.
  2. The possible vulnerability is already known publicly: In this case feel free to discuss the vulnerability in public (e.g. on pmwiki-users or in the PITS).

See his post mentioned above for details and rationals.

What about the botnet security advisory at http://isc.sans.org/diary.php?storyid=1672(approve sites)?

Sites that are running with PHP's register_globals setting set to "On" and versions of PmWiki prior to 2.1.21 may be vulnerable to a botnet exploit that is taking advantage of a bug in PHP. The vulnerability can be closed by turning register_globals off, upgrading to PmWiki 2.1.21 or later, or upgrading to PHP versions 4.4.3 or 5.1.4.
In addition, there is a test at PmWiki:SiteAnalyzer that can be used to determine if your site is vulnerable.

Wiki Vandalism and Spam

Assumptions
you are using a Blocklist and Url approvals.
You don't want to resort to password protecting the entire wiki, that's not the point after all.
Ideally these protections will be invoked in config.php

How do I stop pages being deleted, eg password protect a page from deletion?

Use Cookbook:DeleteAction and password protect the page deletion action by adding $DefaultPasswords['delete'] = '*'; to config.php or password protect the action with $HandleAuth['delete'] = 'edit';

or $HandleAuth['delete'] = 'admin'; to require the edit or admin password respectively.

How do I stop pages being replaced with an empty (all spaces) page?

Add block: /^\s*$/ to your blocklist.

how do I stop pages being completely replaced by an inane comment such as excellent site, great information, where the content cannot be blocked?

Try using the newer automatic blocklists that pull information and IP addresses about known wiki defacers.

(OR) Try using Cookbook:Captchas or Cookbook:Captcha (note these are different).

(OR) Set an edit password, but make it publicly available on the Site.AuthForm template.

How do I password protect the creation of new groups?

See Cookbook:Limit Wiki Groups

How do I password protect the creation of new pages?

See Cookbook:Limit new pages in Wiki Groups

How do I take a whitelist approach where users from known or trusted IP addresses can edit, and others require a password?

Put these lines to local/config.php:

## Allow passwordless editing from own turf, pass for others.
if ($action=='edit'
 && !preg_match("/^90\\.68\\./", $_SERVER['REMOTE_ADDR']) )    
 { $DefaultPasswords['edit'] = crypt('foobar'); }

Replace 90.68. with the preferred network prefix and foobar with the default password for others.

See also Cookbook:AuthDNS.

How do I password protect page actions?

See Passwords for setting in config.php

$HandleAuth['pageactionname'] = 'pageactionname'; # along with :
$DefaultPasswords['pageactionname'] = crypt('secret phrase');

or

$HandleAuth['pageactionname'] = 'anotherpageactionname';

How do I moderate all postings?

Enable PmWiki.Drafts

  • Set $EnableDrafts, this relabels the "Save" button to "Publish" and a "Save draft" button appears.
  • Set $EnablePublishAttr, this adds a new "publish" authorization level to distinguish editing from publishing.

How do I make a read only wiki?

In config.php set an "edit" password.

How do I restrict access to uploaded attachments?

See

How do I hide the IP addresses in the "diff" pages?

If the user fills an author name, the IP address is not displayed. To require an author name, set in config.php such a line:

  $EnablePostAuthorRequired = 1;

The IP address can also be seen in a tooltip title when the mouse cursor is over the author name. To disable the tooltip, set in config.php:

$DiffStartFmt = 
  "<div class='diffbox'><div class='difftime'><a name='diff\$DiffGMT' href='#diff\$DiffGMT'>\$DiffTime</a>
   \$[by] <span class='diffauthor'>\$DiffAuthor</span> - \$DiffChangeSum</div>";



This page may have a more recent version on pmwiki.org: PmWiki:Security, and a talk page: PmWiki:Security-Talk.

Edit - History - Print - Recent Changes - Search
Page last modified on May 21, 2012, at 05:05 PM