Thank you very much for your good suggestions. :)
You can use the captcha plugin...
I'm not quite sure how captcha would enhance security in this scenario, since only logged-in users can edit. My understanding is that captcha stops a spambot. But a spambot cannot log in because it does not know the username and password. Unless some advantage, I would not want to go through the extra captcha step every time I log in. But maybe I'm missing something.
You can move data directory outside of the web space...
I think the following is all standard, I failed to list it out before, so here goes - savedir is currently /var/lib/dokuwiki/data and /etc/dokuwiki/apache.conf has the following (with secret_name substituted):
AliasMatch ^/secret_name/sites/[^/]+$ /usr/share/dokuwiki/
AliasMatch ^/secret_name/sites/[^/]+/(.*)$ /usr/share/dokuwiki/$1
Alias /secret_name /usr/share/dokuwiki/
I thought /var/lib/dokuwiki/data was already "outside of the web space", in the sense that apache does not normally know to go there. But maybe I'm missing something. Under the private wiki scenario, could you provide an example where changing savedir would help protect the data files from someone not logged in?
--------------------------------
- Anybody else run a private, confidential, password-protected wiki?
- If so, anything different you do from what I listed in the original post?
- Is a private, confidential, password-protected wiki common at all?
- If not common, any better alternative method for sharing private info?
- Anybody else read the original post, and agree (or disagree) with the setup I used?
Thanks in advance for any additional replies. :)
Daniel