Wiki Science/Wiki security
From Wikibooks, the open-content textbooks collection
A wiki can address security in several areas: Server Access, Communication Channels, Authentication, Read Access, Write Access, and Administration Access.
Server Access
Server Access is usually controlled by means external to the wiki software itself.
The methods for restricting access to the server include:
- Restricting which IP addresses can reach the server by putting it behind a firewall.
- Putting the wiki server in a network that is not connected to another network (i.e. the Internet).
- Restricting the Domain Name used to access the wiki to be local to a company's Intranet.
  - This assumes that the wiki software, or the web server software hosting the wiki, can be set up to only allow access to the wiki by a virtual host (domain name instead of IP address).
Since the point of a wiki is to give multiple users access to information, putting the wiki on a computer that is not connected to any network is not a viable option for restricting access to the server.
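The following added example (not part of the original text and not taken from any particular wiki package) shows the IP address and virtual host restrictions enforced in front of a Python WSGI wiki application. The host name wiki.intranet.example, the 10.0.0.0/8 range, and the function names are assumptions chosen for illustration, and the code assumes the application sees the client's address directly rather than through a reverse proxy.

```python
import ipaddress

# Assumed values for illustration: an intranet host name and address range.
ALLOWED_HOSTS = {"wiki.intranet.example"}
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def normalize_host(header):
    """Lower-case the Host header and strip any port and trailing dot."""
    host = (header or "").strip().lower()
    if host.startswith("["):            # IPv6 literal such as [::1]:8080
        host = host[1:].split("]", 1)[0]
    elif ":" in host:                   # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def check_access(environ):
    """Return (allowed, reason) for a WSGI request environ."""
    # REMOTE_ADDR is the peer address; behind a reverse proxy it would be
    # the proxy's address, so this check assumes a direct connection.
    try:
        client = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False, "unparseable client address"
    if not any(client in net for net in ALLOWED_NETWORKS):
        return False, "client address outside allowed networks"
    # A request made by IP address carries that address in Host, so it
    # fails this comparison and never reaches the wiki.
    if normalize_host(environ.get("HTTP_HOST")) not in ALLOWED_HOSTS:
        return False, "request not addressed to the wiki's virtual host"
    return True, "ok"


def restrict_access(app):
    """Wrap a WSGI application so that refused requests never reach it."""
    def guarded(environ, start_response):
        allowed, reason = check_access(environ)
        if allowed:
            return app(environ, start_response)
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [reason.encode()]
    return guarded
```

The Host header is supplied by the client, so the host name check complements the firewall or address check and does not replace it.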
Communication Channels
When a user logs in to a wiki over an HTTP connection, their password is sent in plain text over the network. To make eavesdropping on passwords extremely difficult, the communication channel can be encrypted. This is usually done with the secure protocol HTTPS, using TLS or SSL.
Authentication
Several authentication types can be used:
- No Authentication
  - Anyone who can connect to the wiki can do any editing.
- An HTML Form Supplied by the Wiki
- Web Server Authentication (where the web server passes the authentication information to the wiki software).
  - The web server software can then use the input it receives to authenticate by multiple methods including, but not limited to:
    - LDAP
    - NTLM
    - A Custom Database
Read Access
It is possible for a wiki (though it goes against the philosophy of a wiki) to have certain pages locked so that only certain users can read them.
This author is not aware of any wiki software that supports this.
But a few Content Management Systems do, and they can be set up to handle a wiki environment.
For now, this can be accomplished using at least Mambo, Joomla or Drupal.
Write Access
Wiki software can provide a lot of fine-grained control in this area, based on authentication.
Some areas are:
- Creation of new pages.
- Editing existing pages.
- Deleting pages.
- Adding comments (or discussion posts) to pages.
Administration Access
Most wikis restrict administration functions to administration users.

