I've noticed that the admin password to the mySQL db is included in plain text in the LocalSettings.php file in my Wiki directory, which is set to 755, readable and executable by the world. Am I being paranoid, or is this a slightly insecure situation?
Can the password be encrypted, or is there some other security measure I should take?
TIA --doug
On 02.09.2005 at 19:33, dug wrote:
I've noticed that the admin password to the mySQL db is included in plain text in the LocalSettings.php file in my Wiki directory, which is set to 755, readable and executable by the world. Am I being paranoid, or is this a slightly insecure situation?
That's normal with just about every piece of software running on a webserver.
Can the password be encrypted, or is there some other security measure I should take?
Create a new MySQL user for the MediaWiki only, or put the LocalSettings.php in a path not accessible to Apache and make sure it's included via PHP. The advantage is that it's secure against a failure of PHP, but honestly, that happens so seldom that it's not worth the work.
ciao, tom
-- http://de.wikipedia.org/wiki/Benutzer:TomK32 http://www.tomk32.de
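A shell script pulling together the three measures this thread suggests (a wiki-only MySQL account bound to localhost, the config file outside the document root with a stub that includes it, and a web-server deny rule as a fallback), added here as an example; it is not from the thread or from MediaWiki. The paths, the names wikidb/wikiuser and the WEB_GROUP variable are placeholders, and the privilege list is my assumption of what the wiki needs at run time, so check it against the install notes for your version.

```shell
#!/bin/sh
# harden_localsettings.sh (added example; not part of MediaWiki)
#
#   is_world_readable   - the check: is the "other" read bit set on the file?
#   relocate_config     - move the real LocalSettings.php outside the document
#                         root and leave a two-line stub that require_once()s it
#   least_privilege_sql - SQL for a wiki-only MySQL account bound to localhost
#   deny_htaccess       - fallback for hosts with no space outside the
#                         document root: keep the file, stop Apache serving it

# Octal permission bits of a file; GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Returns 0 (true) if any local account can read the file, 1 otherwise.
is_world_readable() {
    mode=$(file_mode "$1")
    other=$(( 0$mode & 7 ))         # low octal digit = bits for "other"
    [ $(( other & 4 )) -ne 0 ]
}

# Move LocalSettings.php from DOCROOT to PRIVATE (a directory Apache does not
# serve), tighten its mode, and leave a stub so MediaWiki's own
# require_once('./LocalSettings.php') keeps working.
# WEB_GROUP (assumed name), if set, is the group the PHP process runs as,
# e.g. www-data; 0640 then lets PHP read the file and nobody else.
relocate_config() {
    docroot=$1
    private=$2
    mkdir -p "$private"
    mv "$docroot/LocalSettings.php" "$private/LocalSettings.php"
    chmod 0640 "$private/LocalSettings.php"
    if [ -n "${WEB_GROUP:-}" ]; then
        chgrp "$WEB_GROUP" "$private/LocalSettings.php"
    fi
    # The stub holds no secret; PHP follows it, Apache never serves the target.
    printf '%s\n' '<?php' "require_once '$private/LocalSettings.php';" \
        > "$docroot/LocalSettings.php"
}

# Least-privilege MySQL account: bound to localhost and limited to the DML the
# wiki uses day to day (assumed list; verify for your version). Feed the
# output to: mysql -u root -p
# The installer and update.php also need CREATE/ALTER/INDEX on the database;
# grant those for the upgrade and revoke them afterwards.
least_privilege_sql() {
    db=$1; user=$2; pass=$3
    cat <<EOF
CREATE USER '$user'@'localhost' IDENTIFIED BY '$pass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE TEMPORARY TABLES
    ON \`$db\`.* TO '$user'@'localhost';
FLUSH PRIVILEGES;
EOF
}

# Fallback when no directory outside the document root exists: write
# DIR/.htaccess so Apache refuses to serve the file. Needs AllowOverride
# Limit (or All) for that directory in the main server config.
deny_htaccess() {
    dir=$1
    cat > "$dir/.htaccess" <<'EOF'
# Apache 2.4 syntax; on Apache 2.2 use "Order deny,allow" / "Deny from all"
<Files "LocalSettings.php">
    Require all denied
</Files>
EOF
}
```

A deny rule only stops Apache from serving the file; it does nothing about other local accounts reading a 755/644 file, which is what the 0640 mode plus the PHP process's group addresses. On shared hosts where every customer's PHP runs as the same Apache user, neither helps, and the localhost-only, wiki-only MySQL account is the mitigation that remains.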
Can the password be encrypted, or is there some other security measure I should take?
Create a new MySQL user for the MediaWiki only, or put the LocalSettings.php in a path not accessible to Apache and make sure it's included via PHP. The advantage is that it's secure against a failure of PHP, but honestly, that happens so seldom that it's not worth the work.
The more fundamental issue, of course, is that if security is a major concern, you'd not be running a Wiki in the first place.
BTW, I've been prototyping a departmental Wiki for the Intranet at work, and it's working quite well: I'm using IIS and Integrated Windows authentication to control the basic "can you access the site or not" process. In an intranet environment with everyone using IE, this is transparent to the user, so they only see the Wiki user login - as long as they're permitted to use it.
Andy
On 02.09.2005 at 23:49, Andy Cunningham wrote:
The more fundamental issue, of course, is that if security is a major concern, you'd not be running a Wiki in the first place.
Please don't compare or even mix frontend like a wiki with backend like the database.
Another idea that crossed my mind if you have only limited access to the server: put the LocalSettings.php into a subdir and use .htaccess / .htpasswd.
BTW, I've been prototyping a departmental Wiki for the Intranet at work, and it's working quite well: I'm using IIS and Integrated Windows authentication to control the basic "can you access the site or not" process. In an intranet environment with everyone using IE, this is transparent to the user, so they only see the Wiki user login - as long as they're permitted to use it.
Don't you think your operating system per se is a security risk?
ciao, tom
-- http://de.wikipedia.org/wiki/Benutzer:TomK32 http://www.tomk32.de
Just make sure you restrict all access to your database to localhost, or at least the account for the wiki MySQL user.
If that is how you set up MySQL, you can tell people your SQL password; it won't matter so long as no one but yourself has access to the system. Simple.
dug wrote:
I've noticed that the admin password to the mySQL db is included in plain text in the LocalSettings.php file in my Wiki directory, which is set to 755, readable and executable by the world. Am I being paranoid, or is this a slightly insecure situation?
Can the password be encrypted, or is there some other security measure I should take?
TIA --doug
MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
It's not a very good design, security-wise, for included php files to be within the web document root. See http://meta.wikimedia.org/wiki/Documentation:Security#Alternate_file_layout. That said, this situation alone does not seem to be an exploitable security problem.
Personally I've moved all the included files outside the document root. Mediawiki wasn't designed for this, so I do a chdir() at the top of each directly accessed php file. This hasn't been tested very well, might not work right, and might present security problems of its own. The proper solution would be for the Mediawiki developers to explicitly design the wiki software to run in this way, possibly as an option if there is some particular reason, but I don't see what that reason could be.
Anthony
On 9/2/05, dug dalford@mindleaders.com wrote:
I've noticed that the admin password to the mySQL db is included in plain text in the LocalSettings.php file in my Wiki directory, which is set to 755, readable and executable by the world. Am I being paranoid, or is this a slightly insecure situation?
Can the password be encrypted, or is there some other security measure I should take?
TIA --doug
Anthony DiPierro wrote:
It's not a very good design, security-wise, for included php files to be within the web document root. See http://meta.wikimedia.org/wiki/Documentation:Security#Alternate_file_layout. That said, this situation alone does not seem to be an exploitable security problem.
Personally I've moved all the included files outside the document root.
So do we, as it's easier to manage the files this way (particularly multiple versions during an upgrade transition).
In your public-facing dir you'll want a copy of any external-facing files (skin bits etc.) and wrappers to index.php etc. which call to wherever you've kept your local script files.
Everything in the web root is a simple way to package it for third-party users, but you don't have to run it that way. (Unless you're on some piece of crap provider that doesn't include any space outside the web root.)
-- brion vibber (brion @ pobox.com)
On 9/4/05, Brion Vibber brion@pobox.com wrote:
Anthony DiPierro wrote:
Personally I've moved all the included files outside the document root.
So do we, as it's easier to manage the files this way (particularly multiple versions during an upgrade transition).
In your public-facing dir you'll want a copy of any external-facing files (skin bits etc.) and wrappers to index.php etc. which call to wherever you've kept your local script files.
Any chance Wikimedia is going to release a list of which files are needed, and what the wrappers are? Or maybe it already has and there's a link to this somewhere?
Anthony
Anthony DiPierro wrote:
On 9/4/05, Brion Vibber brion@pobox.com wrote:
Anthony DiPierro wrote:
Personally I've moved all the included files outside the document root.
So do we, as it's easier to manage the files this way (particularly multiple versions during an upgrade transition).
In your public-facing dir you'll want a copy of any external-facing files (skin bits etc.) and wrappers to index.php etc. which call to wherever you've kept your local script files.
Any chance Wikimedia is going to release a list of which files are needed, and what the wrappers are? Or maybe it already has and there's a link to this somewhere?
Obviously the .css files, .js files, .png files, .jpeg files, etc. I'd assume anyone doing this level of configuration/securing is capable of writing a two-line script with a chdir() and an include()...
-- brion vibber (brion @ pobox.com)
Brion Vibber wrote:
Anthony DiPierro wrote:
Any chance Wikimedia is going to release a list of which files are needed, and what the wrappers are? Or maybe it already has and there's a link to this somewhere?
Obviously the .css files, .js files, .png files, .jpeg files, etc. I'd assume anyone doing this level of configuration/securing is capable of writing a two-line script with a chdir() and an include()...
To be specific...
$ tree /home/wikipedia/common/live-1.5
/home/wikipedia/common/live-1.5
|-- 404.php
|-- COPYING -> ../php-1.5/COPYING
|-- MWVersion.php
|-- extensions -> /usr/local/apache/common/php-1.5/extensions
|-- img_auth.php
|-- index.php
|-- math
|   `-- texvc -> /usr/local/apache/common/php-1.5/math/texvc
|-- redirect.php
|-- redirect.phtml
|-- skins-1.5 -> /usr/local/apache/common/php-1.5/skins
|-- thumb.php
`-- wiki.phtml
Where /home/wikipedia/common/live-1.5 is linked from the /w/ directory in the document root, and /usr/local/apache/common/php-1.5 is the main code directory. We use /skins-1.5/ instead of /skins/ to support having a mix of 1.4 and 1.5 installations.
-- Tim Starling
Tim Starling wrote:
To be specific...
$ tree /home/wikipedia/common/live-1.5
/home/wikipedia/common/live-1.5
|-- 404.php
^Custom ErrorDocument handler, not required, will be custom to your site.
|-- COPYING -> ../php-1.5/COPYING
Teh GPL r0x0rz
|-- MWVersion.php
^ Custom include file for the .php wrappers. This checked our upgrade log during 1.4-to-1.5 transition to determine which version to chdir() to; if you had such a thing it would be custom to your site.
|-- extensions -> /usr/local/apache/common/php-1.5/extensions
The extensions directory is needed only if you're using extensions that contain external-facing files, such as style sheets and images. If you are picky you can copy them in individually, or simply use your web server configuration to block off script execution in there.
|-- img_auth.php
You only actually need img_auth.php if some of your sites are locked against public reading.
|-- index.php
Script entry point obviously is important. ;)
|-- math
|   `-- texvc -> /usr/local/apache/common/php-1.5/math/texvc
Hm, I'm not sure we actually need this. Having it on the internal dirs should be enough.
|-- redirect.php
Used only by the Nostalgia skin.
|-- redirect.phtml
For backwards compatibility with very old versions of Nostalgia skin. ;)
|-- skins-1.5 -> /usr/local/apache/common/php-1.5/skins
As with extensions you can if you like pick and choose to leave out scripts from here. Note that you can place the skins root wherever you like by setting $wgStylePath; that allows you to version the style sheets in a way that's friendly to rolling upgrades and caching.
|-- thumb.php
I think this requires an option to actually use, by default thumbs are still being generated on page render and linked directly.
`-- wiki.phtml
For compatibility with old versions.
-- brion vibber (brion @ pobox.com)
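The "two-line script with a chdir() and an include()" and the public-directory layout described above, as a small deploy script. This is an added example, not Wikimedia's or MediaWiki's own tooling; the directory names, the entry-point list and the asset directories are assumptions drawn from Tim's listing and Brion's notes, and the code path is interpolated into PHP source so it must not contain a single quote.

```shell
#!/bin/sh
# build_public_dir.sh (added example; not MediaWiki's own deployment code)
#
# Populate PUBLIC (the directory Apache serves, e.g. as /w/) for a MediaWiki
# tree living in CODE outside the document root. Only wrappers for the entry
# points and links to the browser-facing asset directories land in PUBLIC;
# includes/, maintenance/, LocalSettings.php and the rest stay reachable by
# PHP but never by URL.

# The two-line script: change into the real code directory, then pull in the
# real entry point. MediaWiki's relative require_once() calls resolve against
# the current directory, which is why chdir() has to come first.
wrapper_body() {
    code=$1
    script=$2
    printf '%s\n' '<?php' "chdir('$code');" "require './$script';"
}

# Entry points that receive HTTP requests directly (assumed list; trim it:
# img_auth.php only for wikis locked against public reading, redirect.php only
# for the Nostalgia skin, thumb.php only if thumbnails are served through it).
ENTRY_POINTS="index.php thumb.php img_auth.php redirect.php"

# Directories holding browser-facing files (CSS, JS, images). A symlink also
# exposes any .php inside them; either copy only the static files or deny
# script execution there in the web server configuration.
ASSET_DIRS="skins extensions"

# Write a wrapper for every entry point present in CODE and link the asset
# directories; files absent from CODE are skipped rather than faked.
build_public_dir() {
    code=$1
    public=$2
    mkdir -p "$public"
    for s in $ENTRY_POINTS; do
        if [ -f "$code/$s" ]; then
            wrapper_body "$code" "$s" > "$public/$s"
        fi
    done
    for d in $ASSET_DIRS; do
        if [ -d "$code/$d" ]; then
            ln -sfn "$code/$d" "$public/$d"
        fi
    done
    # With skins reachable under PUBLIC, LocalSettings.php needs
    #   $wgStylePath = "/w/skins";
    # (or whichever URL path PUBLIC is served from).
    return 0
}
```

Run it as `build_public_dir /usr/local/apache/common/php-1.5 /var/www/htdocs/w` and point Apache's /w/ at the second path; a version-suffixed asset directory such as skins-1.5 works the same way once $wgStylePath matches it.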
mediawiki-l@lists.wikimedia.org