
Question

We have a company Intranet, https://private.company.com, which is available outside the firewall by password access.

Our twiki is on int.company.com, available only inside the firewall.

I requested making the twiki available on private.company.com.

Our Sys Admin said: "private.company.com is relatively easy to "secure", as authentication to it is handled at the top level. Twiki on the other hand uses a series of embedded htaccess files. Which means that a mistake made in setting up a web could very easily open up confidential information to the world at large.

The whole point of having a VPN is to create a single (more easily defended) point of entry in front of services whose security may be an issue. File servers, email, and other company vital resources are behind it, and for obvious reasons. Given its structure I personally refuse to take responsibility for securing a Wiki containing confidential information exposed to the Internet."

Is he correct? Or are we merely unenlightened about how to properly configure things?

Environment

TWiki version: TWikiRelease01Sep2004
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Free BSD 4.7
Web server: Apache/1.3.27
Perl version: 5.005_3
Client OS:  
Web Browser:  
Categories: Security

-- VickiBrown - 04 Nov 2004

Answer

Security and authentication depend on how you set up TWiki. In a corporate environment it is almost always better to authenticate against the corporate systems of record (NIS, LDAP, etc.), so that there is a single logon. TWiki can map between login name (jsmith) and WikiName (JohnSmith).

In your case you could put your whole TWiki on private.company.com under https, with users authenticated at the top level (outside TWiki). That is in fact the setup we had on the original TWiki at TakeFive. See more at TWikiUserAuthentication.

-- PeterThoeny - 06 Nov 2004
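
Added example, not part of the original question or answer and not TWiki's own code: a small audit that walks a document tree and lists directories where the embedded `.htaccess` files leave no login requirement in effect, the kind of mistake the question describes. It uses a simplified model of Apache inheritance (it ignores httpd.conf, `AllowOverride` and `Order`/`Deny` rules), and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def read_htaccess(path):
    """Return (has_require, satisfy) from directory-wide directives only."""
    has_require, satisfy, depth = False, None, 0
    with open(path, encoding="latin-1") as fh:
        for raw in fh:
            words = raw.lower().split() or ["#"]   # blank line: treat as comment
            if words[0].startswith("<"):   # inside <Files>/<Limit>: not directory-wide
                depth += -1 if words[0].startswith("</") else 1
            elif depth == 0 and words[0] == "require":
                has_require = True
            elif depth == 0 and words[0] == "satisfy":
                satisfy = words[-1]
    return has_require, satisfy

def audit(root):
    """Sorted relative paths of directories where no login is enforced."""
    state, exposed = {}, []      # state: directory -> (require in effect, satisfy)
    for cur, _, files in os.walk(os.path.abspath(root)):   # parents come first
        require, satisfy = state.get(os.path.dirname(cur), (False, "all"))
        if ".htaccess" in files:
            r, s = read_htaccess(os.path.join(cur, ".htaccess"))
            require, satisfy = require or r, s or satisfy
        state[cur] = (require, satisfy)
        if not require or satisfy == "any":
            exposed.append(os.path.relpath(cur, os.path.abspath(root)))
    return sorted(exposed)

SAMPLE = {   # constructed, hypothetical layout; not a real TWiki install
    "bin": '<Files "edit">\nrequire valid-user\n</Files>\n',
    "pub/Main": "AuthType Basic\nRequire valid-user\n",
    "pub/Main/Drafts": None,                  # no file: inherits from pub/Main
    "pub/Finance": "AuthType Basic\nRequire valid-user\n",
    "pub/Finance/Public": "Satisfy Any\n",    # no Deny rule: login is off again
    "pub/Sales": None,                        # .htaccess was forgotten
}

def demo():
    with tempfile.TemporaryDirectory() as base:
        for rel, text in SAMPLE.items():
            os.makedirs(os.path.join(base, rel), exist_ok=True)
            if text:
                Path(base, rel, ".htaccess").write_text(text)
        return audit(base)

if __name__ == "__main__":
    print(demo())
```

With authentication enforced once at the top level, as the answer suggests, the root directory would carry the `Require` and only a deliberate `Satisfy Any` further down would still be reported.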

Topic revision: r3 - 2004-11-08 - VickiBrown
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.