[EMAIL PROTECTED] wrote: > While I see pmwiki site under spam attack, and after having restored a > couple of web pages, I'm troubling myself with the following > (dreadful) thought: is there a sort of security > lock/code/flag/hash/signature/whatever allowing people to trust > (somehow) the recipes the community upload/download and let run inside > its servers? >
Valid concern, although I don't know how tempting a target we are. A Two-part Solution: First, Maintainers and/or watchers monitor their recipe pages with Notify. Many already do this. Yes, they'd have to password their watchlist. (Anyone knowlegable enough to infect a recipe would know how to edit a watchlist.) Second, Watch for Uploads. There are some 3rd party recipes that do this already, but I don't know how they work. It might be easiest to say that an upload counts as changing all pages that reference it, which then triggers Notify. If you get notified of a change you didn't make,... This method still puts the onus on the page maintainer(s), but it requires no more work than they already do when they volunteer to watch and/or maintain a page. For legitimate updates, they get an email saying something they already know (and maybe some other watchers sending them email to double-check). It fails when a recipe doesn't have a maintainer and/or watcher. Sandy _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users