Project

General

Profile

How Safe Redmine Wiki

Added by Nokki Zulkarnaen over 12 years ago

Hi All,
This is my first chance to install and managing Redmine on my company server.
So much like it especially the wiki for easy information change and access.
Is it safe to put credentials data on wiki? since it accessed through internet without https.

ps.
i don't think to put password protected file as Documents / Files is a good idea too.. :(


Replies (4)

RE: How Safe Redmine Wiki - Added by William Roush over 12 years ago

HTTP/HTTPS access is up to your configuration, not Redmine, we run with HTTPS only on Apache (Apache does a redirect if connected to on HTTP), we're full LDAP integrated so we can't leak people's AD passwords.

As far as credentials go, I generally wouldn't put them in a wiki simply because of the nature of the wiki (can't secure individual pages on a per-user/group, unencrypted to anyone with MySQL access, etc.), but that is more of a personal opinion and it may work pretty well in your environment, I'd be more inclined to manage a keepass database or something that is available over HTTPS on the same server.

Putting instructions on how to pull the keepass database over HTTPS/SFTP/FTPS/etc. however is the path I'd go.

RE: How Safe Redmine Wiki - Added by Nokki Zulkarnaen over 12 years ago

thanks William..
one more question: are search engine crawler can access the wiki on non public project?

RE: How Safe Redmine Wiki - Added by William Roush over 12 years ago

Unless you're giving anonymous users access to the non-public project (can you even do that?), no.

RE: How Safe Redmine Wiki - Added by Nokki Zulkarnaen over 12 years ago

thanks again William..

    (1-4/4)