Spam
If you want to leave your wiki freely editable by everyone but are worried about spam, see Spam.
Cross-Site Scripting
To prevent cross-site scripting, Sputnik defaults to aggressive XSS Filtering. You can relax the rules or get rid of XSS filtering altogether if you wish.
Permission
If you want to control who can read or edit what nodes, see Permissions.
Authentication Modules
If you want to use alternative authentication systems, please see Authentication.
Sandboxing
If you are worried about the security implications of letting users enter Lua code into Sputnik, see Sand Boxes on the Lua-Users wiki, which describes basically what Sputnik does. All code submitted by users, even admins, is run in a sandbox. That's part of the answer to the Why Lua? question.