That public wiki gives me the security heebie-jeebies. 🤭
Why?
Not saying it’s not secure, just that I’d have constant doubts whether I’ve covered all the bases if I were doing it. Especially ensuring an intruder can’t compromise anything else if they take it over via some security exploit in PHP or DokuWiki itself.
The service runs as an unprivileged user, even if, at worst, an intruder would delete or replace the wiki itself. Even the php-fpm behind it runs as that unprivileged user and is not shared with any other service.
I doubt an attacker could do anything worse than DoS on the wiki itself.