oh yes i found it too bad that i ve no ssh acces to my webserver ..... is it possible that thre is a bug if i export via Special:Export and paste all pages in there the script builds not a valid xml file if i export via Special:Export/Name everything is fine thx a lot so far greetz Stephan 2005/9/27, Rob Church <robchur(a)gmail.com>om>:

On 9/28/05 1:14 PM, "Rob Church" <robchur(a)gmail.com> wrote: scripts to this would then variables to pass instructions to the script must be called with work protect it with HTTP folder The second bullet is not very secure with regard to (e.g.) net snooping. This problem can be alleviated if you can run the site (or at least the maintenance scripts) via SSL. If not SSL, you could use this plan (more secure than passing a key in the open, but more work): A) Select a shared secret value (string). B) Write a script to run locally on the desktop to create a Message Authentication Code (MAC) by doing an MD5 hash on the parameters, plus a timestamp, plus the shared secret. Pass the parameters, the timestamp and the MAC in the query string (but NOT the shared secret... Duh!). C) Include at the top of the maintenance script a step that recreates the MAC using the parameters, the timestamp, and the shared secret (hard-coded in the script, read in from a server-based file, etc.) If the recreated MAC does not match the passed MAC, the message is inauthentic and execution should stop. This step assures that whatever system prepared the MAC knew the shared secret (which should be only your system, right?), or if not (stolen token), that the whole query string was passed with no values altered. D) If the MAC's match, the timestamp should be checked against the current time for a reasonable delay (we often use 90 seconds). This helps protect against "replay" attacks, where a MAC is stolen and re-used. It's really not that much code if you have an MD5-creating library available (check Google). We have done it for other systems, but have no need for MediaWiki (we just "ssh" in -- so lucky!). -- Joshua