Hi all,
We have a MediaWiki site for our staff members to document their technical work; therefore we'd like to upload some source code or patch files, in formats other than images, .doc and .pdf. For example: .diff, .patch, .tar.gz, .xml, .conf, .sh, .pl, .py, .c.
However, we are not quite sure whether there are any security concerns with this. Has anyone experienced this before?
Thanks
Eric
Yifan (Eric) Jiang wrote:
> Hi all,
> We have a MediaWiki site for our staff members to document their technical work; therefore we'd like to upload some source code or patch files, in formats other than images, .doc and .pdf. For example: .diff, .patch, .tar.gz, .xml, .conf, .sh, .pl, .py, .c.
> However, we are not quite sure whether there are any security concerns with this. Has anyone experienced this before?
> Thanks
> Eric

The server hosting the files MUST NOT try to run the .sh/.pl/.py files as CGI. Your users shouldn't choose the Open action on downloading if it would run the file.
If the presentation is intended to be read-only, you could consider passing the potentially-active files through an HTML conversion. This would still allow copy-and-paste from the browser, but prevent running.
-- Joshua
On 9/17/07 4:50 AM, "Platonides" Platonides@gmail.com wrote:
> Yifan (Eric) Jiang wrote:
>> Hi all,
>> We have a MediaWiki site for our staff members to document their technical work; therefore we'd like to upload some source code or patch files, in formats other than images, .doc and .pdf. For example: .diff, .patch, .tar.gz, .xml, .conf, .sh, .pl, .py, .c.
>> However, we are not quite sure whether there are any security concerns with this. Has anyone experienced this before?
>> Thanks
>> Eric
>
> The server hosting the files MUST NOT try to run the .sh/.pl/.py files as CGI. Your users shouldn't choose the Open action on downloading if it would run the file.
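
The HTML conversion suggested in the reply above, sketched as an added example that is not part of the thread and is not MediaWiki code: an uploaded script is shown as escaped, inert text and sent with headers that stop the browser from treating it as active content. The function name, size limit and sample file are assumptions made for the illustration.

```python
import html

MAX_BYTES = 512 * 1024  # assumed limit for files shown inline

# Headers sent with the converted page: fixed type, no MIME sniffing,
# and a policy that blocks scripts, plugins and sub-resources.
SAFE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'none'; sandbox",
}


def render_source_as_html(filename, data):
    """Return (headers, body) presenting uploaded bytes as read-only text.

    Hypothetical helper: every byte of the upload ends up HTML-escaped
    inside <pre>, so markup or script in the file is displayed, not run.
    """
    if len(data) > MAX_BYTES:
        raise ValueError("file too large to display inline")
    if b"\x00" in data:
        # Archives such as .tar.gz are binary; offer them as downloads.
        raise ValueError("binary file; serve as a download instead")
    # Undecodable bytes become U+FFFD instead of aborting the request.
    text = data.decode("utf-8", errors="replace")
    body = (
        '<!DOCTYPE html>\n<html><head><meta charset="utf-8">'
        f"<title>{html.escape(filename)}</title></head>\n"
        f"<body><pre>{html.escape(text)}</pre></body></html>\n"
    )
    return dict(SAFE_HEADERS), body


# Constructed sample upload: a shell script that also contains HTML markup.
SAMPLE_NAME = "cleanup<1>.sh"
SAMPLE_DATA = b'#!/bin/sh\necho "<script>alert(1)</script>" && rm -f "$1"\n'

if __name__ == "__main__":
    headers, page = render_source_as_html(SAMPLE_NAME, SAMPLE_DATA)
    for name, value in headers.items():
        print(f"{name}: {value}")
    print()
    print(page)
```

The original files can still be offered for download separately; the converted page only covers the read-only viewing case.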