Ryan Lane <rlane32 <at> gmail.com> writes:
I'd like to mention that from a security
perspective, I like the fact
that by default MediaWiki does not allow Wordpress style upgrades and
code modifications. MediaWiki exploits may lead to vandalism, but
Wordpress exploits generally lead to shell or root access, and
compromise of all of your other applications.
While this is certainly true for updates and PHP-enabled skin files, a web-based
configuration panel is actually much more secure than editing a PHP-based
settings file through FTP. There is a multitude of malware out there which can
steal FTP passwords by infecting your computer, or your router, or any nearby
computer if you use unsecured wifi access. (Sure, you could use SFTP or
something equivalent, but how many people actually do? And how many webhosts
provide it?) The most common stuff such as allowing uploads or enabling
extensions should be accessible through a GUI for both usability and security
reasons.