[Mediawiki-l] Installation: security lockdown after HEAD installation
Derek A. Rogillio
dereklist at rogillio.net
Thu Apr 22 13:23:43 UTC 2004
Brion Vibber wrote:
> The current command-line installer is being axed in favor of the
> in-place install (which perhaps will be improved in the future to allow
> a command-line execution as well as the browser-based install) We're
> certainly _trying_ to make the in-place installation secure, though.
I apologize for the delay in my reply, but I really appreciate you
taking the time to help me with this. I'm implemented all of your
Additionally, I think the Apache redirect trick forcing all URLs to
reference Index.php makes a lot of sense. If you miss securing a
particular data file or script it cannot be accessed directly.
I also see that the .htaccess files were checked in to CVS. This makes
things extremely easy for all of us testing directly from a CVS
checkout. Kudos and thanks for this!
I'm now proudly testing on the most recent CVS and have to say that so
far it has been very solid. The usability improvements alone are
incredible. My test users (who often run with scissors) are already
pressuring me to move the new software into the main Wiki. We're all
really looking forward to the next release.
More information about the MediaWiki-l