security
Differences
This shows you the differences between two versions of the page.
security [2022-09-01 20:08] – [Reporting and Notifications] andi | security [2024-02-13 09:17] (current) – undo 178.197.202.230 | ||
---|---|---|---|
Line 18: | Line 18: | ||
The first two ways should be preferred except for very serious bugs where making the bug public before a patch is available could endanger DokuWiki installations world wide. | The first two ways should be preferred except for very serious bugs where making the bug public before a patch is available could endanger DokuWiki installations world wide. | ||
- | Previous security issues can be seen in the [[https:// | + | Previous security issues can be seen in the [[https:// |
Depending on the severity of a found security issue it will be fixed in a future release (on very minor issues) or a bugfix release will be made. In the latter case users will be informed through the [[update check]] mechanism. | Depending on the severity of a found security issue it will be fixed in a future release (on very minor issues) or a bugfix release will be made. In the latter case users will be informed through the [[update check]] mechanism. | ||
Line 164: | Line 164: | ||
==== Deny Directory Access in Lighttpd ==== | ==== Deny Directory Access in Lighttpd ==== | ||
- | Using a [[[[https:// | + | Using a [[https:// |
url.rewrite-once = ( " | url.rewrite-once = ( " | ||
Don't forget to uncomment or add “mod_rewrite” in the server.modules section of / | Don't forget to uncomment or add “mod_rewrite” in the server.modules section of / | ||
Line 186: | Line 186: | ||
Access to aforementioned directories can be disabled in DokuWiki server section of Nginx configuration file. | Access to aforementioned directories can be disabled in DokuWiki server section of Nginx configuration file. | ||
- | In your host configuration file (for example, / | + | In your host configuration file (for example, / |
+ | |||
+ | :!: Make sure that the rule is processed before other rules that control access to certain files.((See this [[https:// | ||
< | < | ||
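Review bot: The added ":!:" warning says the rule must be "processed before other rules that control access to certain files" but leaves both the reason and the affected rules to the footnote. nginx checks regular-expression location blocks in the order they appear in the configuration and uses the first one that matches, so a deny block placed below, for example, a static-file or PHP location can be skipped for a request that the earlier block also matches. Suggest stating that ordering rule in the sentence itself and recommending that the deny block be placed ahead of the other regex locations in the server section, so the advice still stands if the linked page goes away.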
Line 305: | Line 307: | ||
* If you can, review the plugin source code yourself, //before// installing it. | * If you can, review the plugin source code yourself, //before// installing it. | ||
* If in doubt, ask on the [[mailinglist|mailing list]]. | * If in doubt, ask on the [[mailinglist|mailing list]]. | ||
- | * Plugins are installed under the DokuWiki '' | + | * Plugins are installed under the DokuWiki '' |
* Plugins are authored by developers not directly related to the DokuWiki project - they may be inexperienced, | * Plugins are authored by developers not directly related to the DokuWiki project - they may be inexperienced, | ||
* Review the plugin page for mentioned security warnings and upgrade the plugin when new releases become available. | * Review the plugin page for mentioned security warnings and upgrade the plugin when new releases become available. | ||
+ | * If in doubt, let plugins be reviewed by a professional first. See [[faq: | ||
See also: [[devel: | See also: [[devel: |
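Review bot: The new last bullet opens with "If in doubt", the same lead as the existing "If in doubt, ask on the [[mailinglist|mailing list]]" bullet, and it sits after the bullets that describe the risk instead of next to the other pre-install advice. Suggest moving it directly under the mailing list bullet (or merging the two) and rewording "let plugins be reviewed by a professional first" to "have the plugin reviewed by a professional before installing it", which matches the "//before// installing it" wording of the source-review bullet.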
security.1662055687.txt.gz · Last modified: 2022-09-01 20:08 by andi