Short description
We should have a security policy which checks against approved external links on a wiki page. Similiar to the BC page policy but for allowing only those URLs.
Allow from ApprovedContent Deny from BadContent
We can block url spam by acls for the ApprovedContent page.
We have to know if it is an internal or external link.
![/!\](/moin_static19/modernized/img/alert.png "/!\"){kind=small}
Please describe how it would work exactly in practice.
I recognized meanwhile that it is impossible to work on this in moin1.
At first glance we need a view in moin2 which is able to show all pages which have external links. First step is to collect all that links in meta similiar to itemlinks and transclusion. The result of the view should be compared on each access with the recent BC page. We should get notified if it detects on old pages a new entry. Also a cli script should check if those links exists.
The approvement concept needs a very good plan. For now I think if we can configure that we don't want external links in our wiki, we don't get link spam but also this disables a nice feature then for all users.
Remark: No, we for sure won't compare all external links of an item "on each access" with all BadContent patterns. That's neither needed nor performs/scales well. -- ThomasWaldmann 2012-01-23 14:16:18
Why is it expensive to compare the collected list of links with BC patterns? -- ReimarBauer 2012-01-23 14:28:16
Because for each link there is (N) you need to match it against some hundreds (M) regexes -> O(N * M)? And following your plan, that would happen for each request and for all pages...
- I thought about having only one regex using "or" not a loop over all entries.
- IIRC, we had that in the far past - and then we hit some limitation of the regex engine. Also, this would not improve the situation a lot. Whether you match a lot of simple regexes or one extremely huge (and growing) one...