You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2011/12/28 17:30:17 UTC
Improving wiki security
Given we see almost as many spam changes as valid ones, is it time for this:
http://wiki.apache.org/general/OurWikiFarm#per_wiki_access_control_-_tighten_your_wiki_just_a_little.2C_benefit_just_a_lot
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
RE: Improving wiki security
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
> Subject: Re: Improving wiki security
> I propose to drop the "sites using Tomcat" list.
I have to respectfully disagree with removing that list - I think it serves a significant purpose as Tomcat marketing material. I would add a caveat to the header stating that the list is not verified.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Improving wiki security
Posted by Mark Thomas <ma...@apache.org>.
On 29/12/2011 18:00, Konstantin Kolinko wrote:
> 2011/12/28 Mark Thomas <ma...@apache.org>:
>> Given we see almost as many spam changes as valid ones, is it time for this:
>>
>> http://wiki.apache.org/general/OurWikiFarm#per_wiki_access_control_-_tighten_your_wiki_just_a_little.2C_benefit_just_a_lot
>
> -1.
> I do not see benefits from proposed change and I do not want to
> administer people (esp. not having administrative tools like a list of
> all registered user names etc.).
Fair enough.
The biggest benefit is that the spam never gets into our mail archive
which is the primary aim of the spammers.
> I think there will be more overhead with managing people than the
> current one with reverting vandalism.
I'm not so sure but since you are doing for more wiki maintenance than I
am, I defer to your view.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Improving wiki security
Posted by Konstantin Kolinko <kn...@gmail.com>.
2011/12/28 Mark Thomas <ma...@apache.org>:
> Given we see almost as many spam changes as valid ones, is it time for this:
>
> http://wiki.apache.org/general/OurWikiFarm#per_wiki_access_control_-_tighten_your_wiki_just_a_little.2C_benefit_just_a_lot
-1.
I do not see benefits from proposed change and I do not want to
administer people (esp. not having administrative tools like a list of
all registered user names etc.).
I think there will be more overhead with managing people than the
current one with reverting vandalism.
With users requesting contribution rights one has to react in several
hours and make decision on unclear grounds. With vandalism the actions
are more clear, do not take much time, and I do not see a problem in
reacting in ~24 hours. There was only one epidemic in the last year
when a dozen of pages were changed at once.
I think that there are other simple changes that can and must be implemented.
1. Protect certain pages like FrontPage from editing by anyone but AdminGroup.
2. I think we must review / drop the PoweredBy page.
Some time ago (about two years ago I think) I split the page into three lists:
a) Sites
b) Hosting providers
c) Surveys and other publications
The experience of the last two years is
a) Sites is a big list that is loosely maintained (almost never
updated) and is hard to verify whether the claims are true. That is it
is hard to verify whether some random site uses Tomcat, that it is
safe, that it should be allowed to the list, or that it is pure
spam...
I propose to drop the "sites using Tomcat" list.
Maybe write something like "we dropped the list on January 2012,
because..." (not sure about wording).
b) The hosting providers list is maintained. There were a dozen of
updates during this year and it is easy to verify whether there is
public offer on the site or not.
I propose to keep the list and move it to a separate page.
c) The surveys - some are outdated. I would like to keep the list, but
I'd prefer to see some contribution to it. That is if anyone knows
some more up-to-date information or publications to list there.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
RE: Improving wiki security
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Mark Thomas [mailto:markt@apache.org]
> Subject: Improving wiki security
> Given we see almost as many spam changes as valid ones, is it
> time for this:
> http://wiki.apache.org/general/OurWikiFarm#per_wiki_access_control_-
> _tighten_your_wiki_just_a_little.2C_benefit_just_a_lot
That could put me out of a job - so I'm all for it.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Improving wiki security
Posted by Brian Burch <br...@pingtoo.com>.
On 29/12/11 02:30, Mark Thomas wrote:
> Given we see almost as many spam changes as valid ones, is it time for this:
>
> http://wiki.apache.org/general/OurWikiFarm#per_wiki_access_control_-_tighten_your_wiki_just_a_little.2C_benefit_just_a_lot
I already expected to ask for permission before making any changes. I am
surprised to hear it is currently open access. I am not surprised to
hear that this generosity and trust is frequently abused. Sad world...
+1
Brian
p.s. can I be added to the list of wiki contributors!
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org