Category: Security

Security

Name Type
SecurityRules
Security rules page for Tiki development
wiki
SingleSignOnWithMultiTiki
wiki
TikiSecurity
Tiki Security: We need it, we want it, we (will) have it!
wiki
Tikiwiki and Sea Surfing
Web applications are more and more popular, more and more used, and, in consequence, more open to abuse than in past years. Tricks like XSS and CSRF are beginning to spread rapidly, at least in rumor, in specialized networks. All live web applications need to verify they have basic protections against such abuses if they intend to provide a trustworthy work environment.

Jun0 brought attention to the vulnerability of tikiwiki to the CSRF trick. After some examination and work, a commando patch operation added basic protection in tikiwiki. 1.7.5, under test right now, was created to meet the security needs of the community, and will be released in the next hours/days. If security is vital to your activities, upgrade now to the CVS version; branches 1.7, 1.8, and HEAD are patched. We need your help to track possible side effects of the patch, then we can release without fear of regression.

Here is the mail I recently sent to a small number of tikiwiki developers explaining the whole story...
article
