[wikka-community] Q: How safe is it to store passwords in Wikka-Wiki?
Brian Koontz
brian
Wed May 14 18:34:27 GMT 2008
On Wed, May 14, 2008 at 06:28:05PM +0200, Micha?l Perez wrote:
> Some of the users have been storing their user names & passwords in a
> personal wikka page with the ACL specifically set to them only. I reckon
> this is insecure, since the passwords are sent clear text to the clients.
> I'm not very knowledgeable about https or SSL but would it help if the wiki
> is run over a secure line? Can wikkawiki run via https? Maybe I'm asking
> silly questions...
I've done exactly that with a sensitive external wiki that was
access-restricted. If you go this route, make sure to disallow http
connections; otherwise, you defeat the purpose of using SSL if some
users aren't going to bother with the right protocol.
Sorry, can't help with the web-based password storage. I just use a
GPG-encrypted file and SSH into my server when I need a password :)
(Obviously, not something you'd want your non-IT folks having to
do...)
> Thanks again for all the hard work. I (and everybody around me) really
> appreciate it.
You're welcome!
--Brian
--
Brian Koontz
Wikka Development Team
Systems Support and Random Tasking Dept.
More information about the community
mailing list