security
Differences
This shows you the differences between two versions of the page.
security [2022-06-19 18:07] – old revision restored (2022-05-16 11:29) bactram | security [2024-02-13 09:17] (current) – undo 178.197.202.230 | ||
---|---|---|---|
Line 11: | Line 11: | ||
When you discover a security issue in DokuWiki, please notify us. The preferred ways to do so are: | When you discover a security issue in DokuWiki, please notify us. The preferred ways to do so are: | ||
+ | * Report through [[https:// | ||
* Submit a [[bugs|bug report]] | * Submit a [[bugs|bug report]] | ||
* Send a mail to the [[mailinglist]] | * Send a mail to the [[mailinglist]] | ||
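Review bot: Inserting the new reporting channel as the first bullet changes what the unchanged sentence at Line 17/18 refers to. "The first two ways should be preferred" used to mean the bug report and the mailing list, and now means the new channel and the bug report. Suggest naming the preferred channels explicitly in that sentence instead of counting list positions, so the guidance on which reports may be made in public survives future edits to the list.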
Line 17: | Line 18: | ||
The first two ways should be preferred except for very serious bugs where making the bug public before a patch is available could endanger DokuWiki installations world wide. | The first two ways should be preferred except for very serious bugs where making the bug public before a patch is available could endanger DokuWiki installations world wide. | ||
- | Previous security issues can be seen in the [[https:// | + | Previous security issues can be seen in the [[https:// |
Depending on the severity of a found security issue it will be fixed in a future release (on very minor issues) or a bugfix release will be made. In the latter case users will be informed through the [[update check]] mechanism. | Depending on the severity of a found security issue it will be fixed in a future release (on very minor issues) or a bugfix release will be made. In the latter case users will be informed through the [[update check]] mechanism. | ||
Line 163: | Line 164: | ||
==== Deny Directory Access in Lighttpd ==== | ==== Deny Directory Access in Lighttpd ==== | ||
- | Using a [[[[https:// | + | Using a [[https:// |
url.rewrite-once = ( " | url.rewrite-once = ( " | ||
Don't forget to uncomment or add “mod_rewrite” in the server.modules section of / | Don't forget to uncomment or add “mod_rewrite” in the server.modules section of / | ||
Line 185: | Line 186: | ||
Access to aforementioned directories can be disabled in DokuWiki server section of Nginx configuration file. | Access to aforementioned directories can be disabled in DokuWiki server section of Nginx configuration file. | ||
- | In your host configuration file (for example, / | + | In your host configuration file (for example, / |
+ | |||
+ | :!: Make sure that the rule is processed before other rules that control access to certain files.((See this [[https:// | ||
< | < | ||
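Review bot: The added warning on the :!: line says the rule must be "processed before other rules" but does not say what determines processing order, so a reader cannot tell whether their configuration meets it. Suggest stating it in terms of where the block sits in the server section relative to the other access rules, and adding a quick check, such as requesting a file under one of the denied directories and confirming the server refuses it. The explanation currently lives only behind the footnote link; a one-sentence summary in the text would keep the advice usable if that link goes away.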
Line 304: | Line 307: | ||
* If you can, review the plugin source code yourself, //before// installing it. | * If you can, review the plugin source code yourself, //before// installing it. | ||
* If in doubt, ask on the [[mailinglist|mailing list]]. | * If in doubt, ask on the [[mailinglist|mailing list]]. | ||
- | * Plugins are installed under the DokuWiki '' | + | * Plugins are installed under the DokuWiki '' |
* Plugins are authored by developers not directly related to the DokuWiki project - they may be inexperienced, | * Plugins are authored by developers not directly related to the DokuWiki project - they may be inexperienced, | ||
* Review the plugin page for mentioned security warnings and upgrade the plugin when new releases become available. | * Review the plugin page for mentioned security warnings and upgrade the plugin when new releases become available. | ||
+ | * If in doubt, let plugins be reviewed by a professional first. See [[faq: | ||
See also: [[devel: | See also: [[devel: |
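Review bot: The new last bullet repeats the "If in doubt, ..." opening of the existing bullet "If in doubt, ask on the [[mailinglist|mailing list]]", and the two are now separated by three unrelated bullets. Suggest moving the new bullet directly under the existing one, or merging them into one item that offers the mailing list and a professional review as alternatives, so the pre-installation advice stays together at the top of the list.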
security.1655654861.txt.gz · Last modified: 2022-06-19 18:07 by bactram