recentchanges
git log has a --color output which can be made nice with sed; after all, the log can be processed with sed to add links and stuff.
general webdesign
add css and styles for the uWiki forms
add configuration, css and templates for asciidoc
Documentation and Help
error messages
tip-links
user docs
Wiki engine
lots of actions and type implementations are missing and need to be implemented
delete
moinimport
acl
subscribe, notify, …
mirror
integrate the Edit Area source editor
redirect stderr to a temporary file which will be included in the following request
security audit the code before making scripts executable by Anonymous
factor authentication and security-relevant things (user-account/server-secret) out to a suid binary running in its own account
Create a small suid CGI program to take care of the authentication process.
It will be placed outside the uWiki tree, e.g. /usr/lib/cgi-bin/uwiki
It should have access to the secret in /etc/uwiki.conf but not the uWiki itself.
After checking credentials and the action to be executed it will include the appropriate
Haserl script (e.g. <%in /path_to/_uwiki/_actions/$action %>)
move user accounts and groups to _uwiki/_meta too, using the meta_lookup function
Together with the factoring out of authentication above this and the following have to be looked at:
Move the account directory into the uWiki tree: _uwiki/_users
Metadata should be versioned?
Move _type, _groups and _users into _meta?
Textareas in haserl seem to be limited in size (env vars), probably a better language is required (C/libcwa?). This is being discussed with the haserl upstream authors, they are working on a fix.
Finalize the permission settings of the uWiki sources. Now, wiki:wiki is used for everything.
E.g. split /var/www/_uwiki/lib into /var/www/_uwiki/lib and /var/www/_uwiki/seclib.
The latter will deal with ACL and will have stricter access rules
Creating and editing pages becomes tri-stage. If no page-name is given, it first asks for one. Make the Name entry readonly. This allows permission checks and ACL lookup when requesting a create/edit.
ACL creation derives from parent dirs; this does not affect ACL checking and lookup. Only the suggested ACL at creation will be assembled by a recursive buildup from all parent entries.
The http_redirect function should be parametrized and made more generic.
One should be able to call it with HTTP status, page to display, etc.
Get rid of /etc/uwiki.conf.
Accounts will be moved into uWiki tree anyway.
Other settings can be placed in e.g. _uwiki/_config or into _uwiki/_meta.
The secret can be passed into the apache/cgi environment and dropped then.
Remarks: /etc/uwiki.conf remains because the server secret and uWiki location must be known to the CGI module. The server secret will not be passed via environment variables because of security issues. Other settings have been moved to _meta/_config.
Move metadata out of the uWiki tree?
E.g. $webroot/_uwiki/_meta -> $webroot/_meta
Remarks: The directory _uwiki is now a parameter in /etc/uwiki.conf (uwiki_sub_dir). In this way the uWiki does not necessarily have to be in the document_root and can be in any subdirectory. _meta is just a subdirectory of it.
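
Added example (not uWiki code): two checks the suid CGI program described above could make before including _actions/$action, namely validating the action name and verifying that the file holding the server secret is private to the dedicated account. The function names, the 32-character limit and the auth_uid parameter are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

#define ACTION_MAX 32   /* assumed upper bound on action name length */

/* Accept only short names made of [a-z0-9_] that start with a letter, so
 * "$action" can never contain '/', "..", or shell metacharacters. */
int action_name_ok(const char *action)
{
    size_t n;
    if (action == NULL || action[0] < 'a' || action[0] > 'z')
        return 0;
    n = strlen(action);
    if (n > ACTION_MAX)
        return 0;
    return strspn(action, "abcdefghijklmnopqrstuvwxyz0123456789_") == n;
}

/* Build "<actions_dir>/<action>" into out. Returns 0 on success, -1 if the
 * name is rejected or the path would not fit (no silent truncation). */
int action_path(const char *actions_dir, const char *action,
                char *out, size_t outlen)
{
    int len;
    if (!action_name_ok(action))
        return -1;
    len = snprintf(out, outlen, "%s/%s", actions_dir, action);
    return (len < 0 || (size_t)len >= outlen) ? -1 : 0;
}

/* The file with the server secret must be a regular file owned by the
 * dedicated account (auth_uid, hypothetical) with no group/other bits set.
 * Pass the result of fstat() on the already opened descriptor, not stat()
 * on the path, to avoid a check/use race. */
int secret_file_ok(const struct stat *st, uid_t auth_uid)
{
    if (!S_ISREG(st->st_mode))
        return 0;
    if (st->st_uid != auth_uid)
        return 0;
    return (st->st_mode & (S_IRWXG | S_IRWXO)) == 0;
}
```

With these in place the wiki account (wiki:wiki) can own the action scripts without being able to read the secret, and a request cannot steer the include outside _actions.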