Hi I think the current interface for uploading/downloading files from the wiki is a bit clumsy. Would it be possible to take advantage of the fact that there already is an ftp-server on lyx.org?
I'm wondering both about downloading and uploading, i.e. * Allowing people to browse/download wiki files through an FTP-interface * Allowing people to upload wiki files through an FTP-interface This is hardly my field, and I know there might be some safety/security issues involved in this. From that point of view, the following rules currently apply for uploading files to the wiki. 0. No password is needed to download a file 1. A password (lyx) is required to upload a file 2. There's a limit on the size of an uploaded file (1 MB) 3. Only files with certain file extensions may be uploaded 4. Uploaded files can be overwritten (but not deleted) 5. There is no version control of uploaded files. 6. Uploaded files are owned by the user 'apache' and the group 'wiki' drwxrwsr-x 2 apache wiki 4096 26 maj 13.49 InstantPreview -rw-rw-r-- 1 apache wiki 52 26 maj 01.10 lyxpreview2bitmap.sh When I go over these items to see what would happen if the wiki files could be accessed through an ftp-server (I mean both uploading and downloading files): 0. The same as allowing anonymous ftp access 1. It's not a very secret password... basically anyone may upload files 2. The limit is probably useful to avoid people uploading mp3:s etc 3. Nothing prevents a person from simply changing the extension, so I think this rule is here to protect windows users from clicking on a link to a .exe-file or something. I don't know if this is still something windows users have to worry about. 4. There's no problem with allowing delete, since overwrite is possible. 5. No difference, but a backup now and then is probably a good idea... 6. I think the "sticky bit" in the file permissions are used to fix the group part. This has something to do with allowing pmwiki.php to overwrite an uploaded file. For instance (IIRC), a file owned by 'chr' can not be overwritten by pmwiki.php. Of these items, the only problem I can see with allowing ftp-access is if we'd like to limit the size of a file that can be uploaded. Restricting the file type doesn't seem very important to me (but I use Linux...) Looking at this from other way, would the ftp site become vulnerable if pmwiki.php could write files to a part of its area? I have no idea. What do you think, is this something that might useful? Right now I think people find it a bit too difficult to upload stuff. As for browsing, it shouldn't be too hard write a "browser", but it seems silly since there already is an ftp-server there... /Christian -- Christian Ridderström http://www.md.kth.se/~chr
