[Project-managers] Mind your Trac pages
Andreas Waechter
andreasw at watson.ibm.com
Fri Apr 14 11:42:03 EDT 2006
Just to add to that:
For the Ipopt project pages (projects.coin-or.org/Ipopt) we had some bots
attacks in the past. Matt then changed the settings so that someone who
wants to change the pages needs to enter a user id and a password. I
visibly publish those (not on the mail page, though) so that person who
wants to edit the pages, can do that after clicking on one link and
reading a bit. After that, no malicious changes happened.
I think this is a good solution, if you want, you can just look at what I
did for the Ipopt project.
However, I still check from time to time what changes happened to the wiki
pages. The easiest way to find out if something was edited, is to click
on the "timeline" tab.
Greetings,
Andreas
On Fri, 14 Apr 2006, Matthew Saltzman wrote:
> If your project has a Trac page (every project in Subversion does, and most
> that don't already will shortly), it would be a good idea to check in on it
> every so often to make sure the content is OK. Remember that Wikis are open
> to editing by anybody so there is no sure-fire protection against nefarious
> content modification. Unlike tickets, Wiki pages in Trac have no way to
> notify you when pages are modified.
>
> We've had a couple of incidents of bots replacing our Trac home pages with
> spam. If your page has serious problems with these automated attacks, we can
> put measures in place that can slow them down, but it would still be possible
> for human indivduals to edit the pages. We are an open community, so I think
> that closing Wiki pages to all editing by community members should be a last
> resort.
>
> Thanks for your diligence.
>
> --
> Matthew Saltzman
>
> Clemson University Math Sciences
> mjs AT clemson DOT edu
> http://www.math.clemson.edu/~mjs
> _______________________________________________
> Project-managers mailing list
> Project-managers at list.coin-or.org
> http://list.coin-or.org/mailman/listinfo/project-managers
>
More information about the Project-managers
mailing list