[Mediawiki-l] Installation: security lockdown after HEAD installation
Derek A. Rogillio
dereklist at rogillio.net
Tue Apr 20 19:42:52 UTC 2004
I've been running the stable branches for quite a while, but wanted to
branch out into the HEAD release to try some of the new features in a
For background, I'm running Debian testing (Sarge).
I downloaded the latest software from CVS into the phase3 directory. I
tried to do a command-line install using install.php but this does not
appear to be working. Reading the script, some of the necessary
directories are not referenced or copied in install.php. I know the
install.php installation is not working in the stable branches. Is this
true with the HEAD branch as well?
I decided to try the in-place install. I copied the entire phase3
directory to a place accessible by my web server and renamed it to
something more appropriate (testwiki). I ran the in-place install and
everything worked perfectly.
One downside with this approach is that I now have a bunch of files
accessible to my web server that I am sure don't need to be there.
Since a lot of this is new, I'm not sure what I can remove now that the
Wiki is running, nor do I know what might be a security risk. Has
anyone done a writeup on cleaning up/securing an installation of the
HEAD branch? I wasn't able to find anything via Google.
The other downside is that I expect HEAD to be updated quite often.
Since install.php and upgrade.php expect files to be in different
locations than the in-place install, how do you update the installation
to the latest version from CVS?
Thanks in advance for any help you can provide. As a side note, I am
really impressed with some of the new features and especially the mono
More information about the MediaWiki-l