[Moin-user] Wiki suitability by ACL, security, and support

Eric Johnson eric at tibco.com
Tue Aug 11 15:05:21 EDT 2009

Hi Trevor,

Trevor wrote:

> My questions are:
> 1. We will want to segregate the clients from each other (ie. they won't be aware of each other), but our development team would need one-login access to all content, across clients.  ie. if a developer logs in, they would have access to all content; if client A logs in, they would only see client A's content, etc.  Am I understanding correctly that "wiki farms" and proper ACL would help us achieve this?  

Security is such a tricky subject. You say "they won't be aware of each
other.", but that might be more than you mean. You could, for example,
host a bunch of clients on the same host - wikis.example.com/ at which
point a curious user could start plugging in alternate URLs to see if
they get different responses (they will).

Do users create their own accounts? Are you having Apache manage your
users? If there is just one database of users, then customers will be
"aware" that certain user names will be unavailable to them, for no
reason that is obvious to them.

Certainly, at least, you can configure MoinMoin so that people don't see
the *contents* of wiki when they're not supposed to, but you may not be
able to prevent them from being aware of the *existence* of a wiki.

>From what you've laid out so far, I'd suggest you need to spend a lot
more time thinking through the requirements and "threats" to the system.
Security is usually a multi-layered affair. And it is always worth going
back and reassessing on a regular basis. At least for what we're doing
in my company, MoinMoin has supported our requirements around security,
more so than other wikis we've evaluated.

> 2. I'm trying to get an idea of the support base behind MoinMoin: for example, is it one main developer driving the project and supported by several (or many) others?  Or is it truly a community-driven project?  How much of the support relies on one person?  What are users' support experiences like?
> Any comments or additional information would be welcome.  Excuse me if I have asked questions that are readily available on the website -- I have looked through the online documentation (which is quite good, by the way) but have also evaluated many wikis and my brain is starting to blur.

As to the support question, of course, if you do adopt MoinMoin, you add
to the user base, and to the list of people who might contribute
something to the community.


More information about the Moin-user mailing list