create new tag
, view all tags
There are a number of ways of preventing, controlling, or fixing vandalism on a wiki, and some additional possibilities on a TWiki.



Traditional Wiki "Security"

I need to add some links to pages on c2 discussing the WikiWay and similar. Some of those links are on About These Pages.

A typical/traditional wiki has no access control to wiki pages, so anyone can edit, even known troublemakers. TWiki does have access control (not perfect) which can be used to limit who is allowed to edit.

Thus, in a typical wiki, preventing or correcting vandalism is accomplished by the wiki community, by monitoring pages for vandalism and correcting any vandalism which occurs.

Typically, a "Recent Changes" page allows anyone to see which pages have changed recently. Some members of a wiki community "read" the wiki site by watching the recent changes page and checking out pages that interest them.

Some wikis provide an email notice of changed pages, either for a single page or a selection of pages. On TWiki, email notification is for an entire "web" (analagous to a directory or folder). Wikilearn (vs. WikiLearn) is one web on the TWiki developer's TWiki. Someday I plan to move it to its own site, and when I do will divide the content among multiple webs (Linux, C, Cpp, Python, ...). At that point (or if we set up a TWiki at tldp.org), one or more webs could be devoted to LDP HOWTOs.

Another capability of many wikis is the ability to revert the changes on a page. TWiki has this capability, in the form of a command to delete the current revision of a page, which means that the previous revision becomes the current revision. And, of course, more than one revision can be deleted.

Additional Capabilities of TWiki

Access Control

Individual pages or entire webs can have restrictions on who can read and write to them. (Note that, unless something has changed that I'm not aware of, the restriction on reading is easily overcome by a search, so it is not suitable for materials that require "real" security.)

Also, since we are "soliciting" comments from the entire user community, restricting write access is somewhat counterproductive.

For known troublemakers, there is, IIRC, a possibility to limit access based on their IP address (and maybe domain?).

Reverting Revisions

Mentioned above, I need to look up the command, it is usually treated as something of a secret, because reverting (deleting) a revision deletes any record of it from the RCS file, thus it's not like an UNDO / REDO thing — deletion of a revision cannot be undone. Wow, until I wrote this, I hadn't really thought about that — not necessarily the most desirable thing. I'll have to check, I'm guessing that the power to delete a change can be restricted, but, I'm not sure about that.

Monitoring Changes

Periodically check the WebChanges pages for a given web, and or subscribe to WebNotify to get a daily email listing the changes to a web. There are some things here I should check on and then make clear, checking the "Minor Changes" checkbox when making a revision may prevent a change from showing up in one of the change mechanisms (there is a third I didn't mention, that may be the one that from which minor changes are excluded.

Revision Control

All pages are under RCS revision control. Except as discussed under reverting revisions, old versions of the page can be viewed (and, of course, material copied and pasted to create a new more current revision) and changes between any two revisions can be displayed as a diff (or a page with all the diffs since revision 1.1 of the page can be displayed).

The Comment Plugin

I'll have to dig into this — a TWiki plugin is available to allow comments to be added to a page without editing. I have a vague recollection that a page can be set up to disallow editing but still allow comments to be added. That would help to restrict the amount of vandalism that can be done.

Wiki Philosophy

I mentioned the need to add some links touching on this, but I may want to explicitly mention that a wiki communitiy is typically built on trust and policed by its members. If too much is done in the way of enforced security, it may destroy that community of trust (or prevent it from forming).

Notes on Editing and Revisions

This should (and will, I think) be moved to another page.

  • Explain ways of signing contributions or comments. (Full signature or initials, minor comments "inline" in italics, typo fixess often with no attribution, horizontal lines, etc.)

  • TWiki starts all documents at revision 1.1 and increments the number after the decimal point with "each revision".

  • TWiki doesn't recognize all revisions. Revisions made by the same author within 60 minutes of a previous revision are "rolled into" the previous revision.
    • Discuss how to force a revision?
    • Point out the "release edit lock" checkbox on the edit page but that although releasing the edit lock allows someone else to edit the page, it does not end the 60 minute revision timeout (checking it does not allow you to force a revision).
    • Should I discuss why TWiki is set up that way (the belt (preview) and suspenders (60 minute timeout) approach to allowing an editor to revise his comments, and that, IIRC, it is fairly easy to change the edit lock so it defaults to releasing after every edit. There is, IIUC, no simple way (without a program change) to change the 60 minute revision timeout.


  • () RandyKramer - 21 Nov 2003
  • If you edit this page: add your name here; move this to the next line; and if you've used a comment marker (your initials in parenthesis), include it before your WikiName.

Revision Comment

  • %DATE% —

Page Ratings

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2003-11-25 - RandyKramer
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by PerlCopyright 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding WikiLearn? WebBottomBar">Send feedback
See TWiki's New Look