moderated wiki

This page is used to collect all necessary data to setup a moderated wiki with strict rules for access. You could decide yourself how to setup the moderated wiki yourself. This page should help to decide what should be done or what best is done.

What it is

There are many definitions possible. In our case it is a wiki which has strict access rules and a limitation in user access. ACLs are used to define restrictions for sensitive data.

rules for wiki setup

• look carefully on all (additional user) plugins. e.g. a parser or macro which uses system calls could open the pandora box

rules for attachments

rules for user setup

• users should be registered from the moderator of the wiki
• the account information is sent personally by a letter or encrypted by mail.
• inhibit registration of unknown users
• ACLs should be defined from the wiki moderator
• inhibit sending of clear text diffs by mail
• inhibit sending of a new or the old password by mail

rules for server setup

• clear definition of the web server probably a vhost configuration. It should be well known who has unlimeted access to the server/wiki. Probably only the moderator of the wiki is allowed to have full access.
• restriced machine access by a vhost configuration and a local firewall.
• encrypted connection (ssl) for the wiki or best for the whole web server
• think about the backups, who has access
• check if it is possible to restore a backup.