Secure Wiki
-
I'm not a big fan of necro posting and I realize this wiki question comes up often in forums but this seemed to really be on point when I saw this ML thread.
I'm in need of a wiki to serve similar function with security features at the very top of the list, to allow clients to look at their own documentation but no access to others, good search capability...etc. I've looked at options like Alfresco, MediaWiki, DokuWiki and I think I'm leaning towards DokuWiki however, this comment on their site makes me rethink this...
"DokuWiki's ACL feature has been included for some time and should be pretty stable. However, if you are concerned about the risk of unauthorized users accessing information in your wiki, you should never put it on a computer accessible from the Internet."
This could be a simple CYA statement but I will need this wiki to be available to many clients online and I would like to hear if people's recommendations have changed.
@scottalanmiller Did you land on an ideal solution?
-
I do like DokuWiki but I do not use it to expose to customers in that way, so I've never considered their ACL security features in that manner, I'm afraid.
-
@scottalanmiller How do you make documentation available to clients? Do you just send it to them? Do they have access to a system to give them access?
-
@NashBrydges said in Secure Wiki:
@scottalanmiller How do you make documentation available to clients? Do you just send it to them? Do they have access to a system to give them access?
Correct, we only send it to them. Or we document in their own systems.
-
@NashBrydges Generally, I send it to them. But you could use something like NodeBB to do this. You can make catergories granularity available and only visible to appropriate users.
I do this with community.bundystl.com
We have a single category that only employees see. If you are not signed in, or you are signed in but not a member of the employee group, you cannot see the category.
Also I have a sub category that is publicly accessible but not publicly visible. That one is for public documents that have lots of child pages. Similar to my FreePBX guide here. All the he child pages are in the category that no one can see. That way it is easy for the users to follow the main guide.
-
@JaredBusch said in Secure Wiki:
@NashBrydges Generally, I send it to them. But you could use something like NodeBB to do this. You can make catergories granularity available and only visible to appropriate users.
It's amazing how much a forum, blog and wiki tend to overlap today. Nearly all the same tech, just presented in different ways.
-
@JaredBusch Interesting approach. Didn't realize you could have that granular control over access.
-
@NashBrydges said in Secure Wiki:
@JaredBusch Interesting approach. Didn't realize you could have that granular control over access.
Yup, we did some tests here on the community. Worked but we phased it out. Didn't want to have private groups here of any nature. But making unique categories and subcategories with membership works out fine. And not only does it make documenting pretty easy, but you naturally get an easy way to have discussions or track info about the documentation.
It's just that you make the OP be the doc, and the subsequent posts be the discussion.
-
-
I do documentation in Gitlab. All internal so no outside access, but has ACLs per repo to handle that.
-
Gitlab EE now has full website capability. You can create a site from the repo.
-
How about a different wiki for each client? Maybe using containers?
-
@aaronstuder said in Secure Wiki:
How about a different wiki for each client? Maybe using containers?
That's extreme, why not just make each its own website like normal? Containers is just loads of overhead and management.
-
I feel like WordPress may be a nice option. If the default access control structure doesn't work well for your needs, there are some great addins.
I use WordPress as a wiki with a nice wiki theme for internal IT use. I added a few addins to make it too easy... such as pasting in screen captures, etc. Its almost exactly like working in MS Word.
If you have it publically accessible, you can lock it down with WordFence and Securi.
-
@Tim_G said in Secure Wiki:
I feel like WordPress may be a nice option. If the default access control structure doesn't work well for your needs, there are some great addins.
I would never trust WordPress with anything I wanted to keep secure. Very high risk, WordPress is only good as a marketing tool with content you want everyone to have.
Not to mention the performance of the database over time, the bloating, PHP being a pig, so so many things wrong with it.
-
@Breffni-Potter said in Secure Wiki:
@Tim_G said in Secure Wiki:
I feel like WordPress may be a nice option. If the default access control structure doesn't work well for your needs, there are some great addins.
I would never trust WordPress with anything I wanted to keep secure. Very high risk, WordPress is only good as a marketing tool with content you want everyone to have.
It's not any more difficult to secure than any other similar system.
The three reasons for it's bad reputation is because of people using a default install and doing nothing to keep it secure (no different than anything else in IT). The second reason is due to using old and/or outdated addins. The last reason is simply not keeping everything up to date.
My blog is being hit by oh so many thousands of attackers daily... annnnd all is perfectly well. I have the logs to prove it. I keep it up to date, I don't run any addins that aren't well supported and kept up to date, and I installed security/firewall software (free even).... as well as some other simple security measures the software walks you through.
-
@Breffni-Potter said in Secure Wiki:
@Tim_G said in Secure Wiki:
I feel like WordPress may be a nice option. If the default access control structure doesn't work well for your needs, there are some great addins.
Not to mention the performance of the database over time, the bloating, PHP being a pig, so so many things wrong with it.
I'm not as familiar with this part because the biggest database I've ever had regarding this only consisted of about ~100k forum posts, several thousand users... wordpress articles only a few thousand, with like 50k images. So I can't really comment on wordpress database bloat on an enterprise level. Mine have never grown past like 30-50 meg... or something like that. May have been less I don't remember.
I'm not sure what you mean about what's wrong with WordPress... because it seems to always have worked great and performed very well for me and those I've set it up for.
If it's small things nobody notices, then who cares? Nitpicking? I'm very open minded, so if there's any punch behind this I'll definitely consider moving away from WordPress when using it externally.