#It's not 100% safe, there could be security hole using that one. Use at your own risks. I was planning to ask this. I am using mediawiki as a tool to let website owners manage their own content. The site appears as a normal site to everyone else, and only the admins know that it is a mediawiki. Does this mean that if some hacker found out what my website was made of, he could easily find his way in? Am I making a site that is more easier to hack, as all source is free-ly avaiable for them to find security holes? On 4/21/05, Ben DeVore <ctrlphreak(a)gmail.com> wrote:

On 4/22/05, Tor Kinlok <tor(a)superman.ws> wrote: I think the point is that, since MediaWiki is designed for sites that are more open than this, tracking down and fixing ways to get round the restrictions has never been a priority, and gets little in the way of testing. There may be specific flaws that people know about but haven't the time to fix, I don't know, but the main point is that *there might be* ways of breaking things if people really wanted to. Just don't assume that, once the setting's turned on, you are 100% guaranteed that nobody can affect anything without logging in. -- Rowan Collins BSc [IMSoP]

On 4/22/05, Pedro Timoteo <patimoteo(a)dti.pga.aero> wrote: heh, I'd reccomend in addition to doing the forced logins to use .htpasswd, that will gurantee that any holes in it would be blocked anyway (as people have to login to even login). and, http://wikimediafoundation.org uses forced login, so i would think it would be pretty secure (they haven't been hacked because of it yet, have they?) -- Tom