Hi Everyone, I wanted to provide a quick heads up... recently we hardened the web server. We did things like ensuring root owned things, user 'apache' had u+r files, while providing u+rw in a few places as required, like runtime temp directory for session information. Apache seems well configured now, and mostly follows best practices.
The hardening partially broke the wiki. For example, the wiki cannot generate thumbnails at the moment. You can see its effects by visiting the homepage. I'm having trouble clearing the issues because I cannot find a guide on Mediawiki's security best practices, and or even a list of which directories need u+rw. (I'd prefer MediaWiki run under a different security context than Apache, but that does not appear to be a viable option). I've got a couple of questions open on the Stack Exchange network: * http://webmasters.stackexchange.com/questions/93864/best-practice-for-temp-directory-used-by-mediawiki * http://webmasters.stackexchange.com/questions/93758/file-system-permission-for-mediawiki-uploads * http://webapps.stackexchange.com/q/94930/72479 if you have experience with Administering MediaWiki, then please provide some suggestions. Jeff -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
