[Moin-user] Wiki suitability by ACL, security, and support

Trevor tr.wiki at telus.net
Wed Aug 12 09:41:04 EDT 2009


> I'm sure wiki developers will answer as well; but figured I'd send some comments as well.

I do appreciate hearing from a user of the system, because such a point of view is valuable.
Moin does look like a lean dedicated wiki that doesn't get caught up in trying to do everything (and thus doing everything poorly).  I thought it was pretty impressive at first look.


> Well, moin is quite powerful, so its interface is maybe not as simple as the one of a less powerful wiki.

That's interesting, because my first impression of Moin was that it was easy and intuitive to use right away.  I didn't get lost in it like in some other wikis, and found the interface quite nice (not overwhelming).  Thanks for the thoughts on access control and support too.  It does look like Moin has a good dependable support base.


> Security is such a tricky subject. You say "they won't be aware of each other.", but that might be more than you mean. You could, for example, host a bunch of clients on the same host - wikis.example.com/ at which point a curious user could start plugging in alternate URLs to see if they get different responses (they will).

We aren't working for clients competing with each other, so it's unlikely that a user would guess what the other client names are.  

> Do users create their own accounts? Are you having Apache manage your users? If there is just one database of users, then customers will be "aware" that certain user names will be unavailable to them, for no reason that is obvious to them.

Yes, there would have to be multiple databases of users in that case.  I have seen wikis, though (XWiki for example) that can set up wiki farms and have "global" users that have access to all wikis while keeping other users isolated from each other.

Thanks for your thoughts and pointers on security.


> Since we fundamentally do the same thing for each client, what I do is set up a new wiki for each new client. This way, when you're searching for a common term (say "statement of work"), you're looking in the specific client's wiki for that info, eliminating 'noise' from other clients.

That's a very good point that we hadn't thought of.

> the backend is configured as:
> wiki.company.com/clientnameA
> wiki.company.com/clientnameB
> wiki.company.com/clientnameC

Yes, that's something like what we have in mind.  Of course, it would be nice to log in once as a "development" user who has access to all the wikis.  But there again, like you said above, the searching then becomes redundant.


Thanks to all who replied; I do appreciate you taking the time to respond so comprehensively.

