[Mediawiki-l] Installation: security lockdown after HEAD installation

Derek A. Rogillio dereklist at rogillio.net
Thu Apr 22 13:23:43 UTC 2004


Brion Vibber wrote:

> The current command-line installer is being axed in favor of the 
> in-place install (which perhaps will be improved in the future to allow 
> a command-line execution as well as the browser-based install). We're 
> certainly _trying_ to make the in-place installation secure, though.

Brion,

I apologize for the delay in my reply, but I really appreciate you 
taking the time to help me with this.  I've implemented all of your 
suggestions.

Additionally, I think the Apache redirect trick forcing all URLs to 
reference Index.php makes a lot of sense.  If you miss securing a 
particular data file or script it cannot be accessed directly.

I also see that the .htaccess files were checked in to CVS.  This makes 
things extremely easy for all of us testing directly from a CVS 
checkout.  Kudos and thanks for this!

I'm now proudly testing on the most recent CVS and have to say that so 
far it has been very solid.  The usability improvements alone are 
incredible.  My test users (who often run with scissors) are already 
pressuring me to move the new software into the main Wiki.  We're all 
really looking forward to the next release.

Thanks again!

-Derek





