Wikka Security

While security has never been an afterthought with the Wikka developers, recent events have caused us to re-evaluate development priorities to accomodate security improvements. The recent release of 1.1.6.3-RC1 is an example of our renewed focus towards end-user security by addressing several minor security issues, including a native PHP (non-Wikka) bug. Another example: A recent scripted vandalism attack against the WikkaWiki server and other WikkaWiki-hosted sites has led us to re-evaluate the login registration procedure to thwart scripted auto-registration.

The jumping-off point for those interested in Wikka security will be the WikkaSecurity page. Currently highlighted is our process for releasing digital signatures and checksums for Wikka releases as of 1.1.6.2, along with a quick tutorial covering the how-tos of verifying signatures and checksums. As new security processes are documented, we’ll be refactoring this page and creating links to other security-related pages so you can find security information quickly in one place.

As always, your comments are welcome and appreciated. You can contact any of the Wikka Development Team via e-mail, or even chat with us on IRC (#wikka at irc.freenode.net).

–Brian