I forgot to mention our web services are firewalled so no one outside
the organization can see the content. So we allow "everyone" to read,
meaning everyone at our organization. You are right that if we were
open to the world reading would be a different matter and probably
require login or other authentication.
Wikis are scary things and if you don't think there can be security
problems on an open system just visit the George W. Bush page on
Wikipedia. Our firewall shrinks our world to just the right size and
logins-to-edit makes the content even more secure.
-Jim
-----Original Message-----
From: David Pace [mailto:gps.david.pace@gmail.com]
Sent: Wednesday, September 06, 2006 3:20 PM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] to require login or not
In the environment I use Mediawiki in, security is a very important
concern, so naturally we require login to edit or even view wiki pages.
I'm not sure what your particular business entails no what the exact
purpose of your depolyment is, but if you have proprietary corporate
data on there you should at the very least be requiring logins to edit
if not view the content. If you are a public corporation, I would urge
this even more strongly.
Liability for the loss or leaking of proprietary corporate information
is a serious matter and one which shareholders should take very
seriously. In order to best mitigate the risk and protect the company
and yourself from potential shareholder legal action, you shoudl take
every security measure you can and document it all.
I understand you want to ensure there are few barriers to entry, but
there are options like LDAP authentication available and frankly
requiring users to sign up isn't that big a deal. Get managment behind
it and give the users a reason to use the wiki and they will, period.
Regards,
Dave Pace
On 9/6/06, Sullivan, James (NIH/CIT) [C] <sullivan(a)mail.nih.gov> wrote:
We had this discussion where I work and the idea of not being able to
trace back the edit to a contact was deemed to be a bad thing since
you could not track down who made the edit in order to discuss what
they meant by that edit. Talk pages are limited in this respect since
not everyone uses them.
In our setup we require logins to edit (but anyone can read), allow
anyone to setup a login account and require email verification for the
account to be established. We were not particularly
interested in
detering spamming or disgruntled employees. We simply wanted to know
which user made an edit so anyone could contact them about the edit
using the "Email this user" link in the toolbox. Since we use our
wiki for collaboration the idea of an anonymous editor makes little
sense since it is difficult to collaborate with those you cannot
contact and do not know.
We were worried about the effort people would go through to create an
account but we found no one was detered. It's a one-time effort and
we found that if people really wanted to contribute, the effort was
not an obstacle.
Hope this experience helps...
-Jim
-----Original Message-----
From: Andy Roberts [mailto:aroberts@gmail.com]
Sent: Wednesday, September 06, 2006 9:22 AM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] to require login or not
On 02/09/06, gmu 2k6 <gmu2006(a)gmail.com> wrote:
> I'm running a wiki at work and a coworker asked me to require login
> for any article editing so that he can see who created/modified the
> article. my point is that the barrier to surf-by-editing is too high
> with logins required. then he said that people
can use Cookies to be
logged in
always.
what do you guys think? I'm trying to form a well-informed opinion
for
the discussion.
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l