Passwords and https
You will probably use passwords to control access to your mediawiki installation. You may notice that the standard, default, one-click Dreamhost mediawiki installation uses a form on an http: web page to take your password. This means that your password will go over the network in cleartext, unless you are using VPN. To use https: SSL to encrypt your password, you cannot use Dreamhost's one-click installation: you must use the "Advanced" installation, and reconfigure it to use https. At Dreamhost, you must have purchased a fixed IP address, and enabled Secure Hosting. Unfortunately, to get this higher level of security, you must do more management of the mediawiki installation yourself, including installing security updates.
After you move LocalSettings.php from config to your root directory, have a look at its permissions. LocalSettings.php has your DB login information in it, including the db username and db password. When created/modified by the Wiki install process, it has -rw-rw-rw- permissions (i.e. everyone with an account on the server can read and write to it). While your directory permissions might prevent people from navigating the filesystem for the file, they still may be able to figure out the path and read/change it directly.
A good measure of security may be had by, after moving LocalSettings.php from config to your root directory, executing the following commands:
$ cd <your wiki root directory> $ chmod 640 LocalSettings.php
$ chmod 660 LocalSettings.php
depending on whether you want it group writeable (latter) or just writeable for the owner (former)
- Actually, if you are running PHP with CGI (instead of Apache module), it is actually better and more secure to mark the file LocalSettings.php only readable/writable by the owner, i.e.
$ chmod 600 LocalSettings.php
- So other people on the same server will not be able to steal your MySQL password from your setting file.
- Another good security idea is to set up an external PHP file that stores your passwords elsewhere and will pass them in as variables. for example, my LocalSettings file, instead of explicitly including the DB passwords, etc., links to the passwords in a file stored in a directory above the web root. e.g., where wiki directory is /home/yourusername/domain.com/w/, you would create a directory called "external_includes", in which you then create a file called "database_info". The path to this file would be /home/[yourusername]/external_includes/database_info and the file would include the following (fill in your true values in the quotes):
<?php $database_server = "mysql.domain.com"; $database_name = "databasename"; $database_user = "username"; $database_pw = "password"; ?>
- Save that, then put the following lines into your LocalSettings.php (of course setting the variables accordingly in the external file and deleting the actual values from the LocalSettings.php file, which are now stored in the database_info file)
# enhanced DB security require_once ("/home/[yourusername]/external_includes/database_info"); $wgDBserver = $database_server; $wgDBname = $database_name; $wgDBuser = $database_user; $wgDBpassword = $database_pw; # DB variables not security related - leave these alone from how when you set up your wiki $wgDBprefix = "wiki_"; $wgDBtype = "mysql";
- This way, even if someone does somehow read your LocalSettings file from the web (I'm not sure how they could with 600 permissions, but it's theoretically possible), it still doesn't get them anything. Fungiblename 05:47, 18 Jul 2006 (PDT)