imc-docs TODO

Ok, tons of things to fix or improve... tons of stuff already done, too : ImcDocsLog.


  • polish monitoring/IDS stuff
  • limit VServers CPU and memory usage, see and gdm's e-mail to imc-docs-tech on April 21
  • rate limit the connexions to sshd (ipt_recent - only >= linux 2.6.18)

Privacy & security

  • httpS-only login ?
    • NOTE: hijacking a wiki user may not be as disruptive as hijacking an email account, but, as many persons use just one password, it could
    • login/logout stuff will be solved in dakar, as explained in ImcDocsPluginNotes
  • prevent bruteforcing TWiki passwords ? for example, rate limit access to the logon script (Dakar) with any Apache anti-DoS module
  • Logfile IP anonymizer must not replaces IP addresses in referer URLs. Example log line of a Google search:
    Oct  2 12:22:27 humus apache: [Sun Oct 02 12:22:27 2005] [error] [client] File does not exist: /var/www/, referer:
    • do we really need such data ? If we do, it involves hardcore syslog-ng stripping regexp configuration, if possible at all. -- IntRigeri - 12 Feb 2006
  • Remove first and last name (and company where still present) off TWikiRegistration in all languages. Add additional fields if needed, but minimize mandatory form fields.

Trash cleaning

Have cron clean Trash (and Sandbox ?) web (NB: wait for Dakar to do this, since interface of the functions needed for the second step change a lot)

This is being discussed on TWiki:Codev/EmptyTrash and TWiki:TWiki/ManagingTopics#Deleted_Topics_How_to_Clear_the

Prevent misuse

  • Prevent Wiki spam
  • prevent TWikiGuest password change, ahahah
  • make sure all webs are monitored by at least one person subscribed to WebNotify or reading the RSS feed


NB: the topics access statistics are at

  1. create a page that lists the tutorials and their translations - started at UsefulLinks - we need to expand this page, add in all the translated pages, then translate this page! -- GarconDuMonde - 26 Feb 2005
  2. guidelines for naming conventions - ImcDocsNamingConventions
  3. how to use - started an FAQ at HowTo -- GarconDuMonde - 28 Feb 2005
  4. modifying WebLeftBarCommon in order to include the two links to HowTo and UsefulLinks instead of the other ones.
  5. translation work:
    • translate the TWiki documentation in a lot of languages (or find translations somewhere)
    • translation of our own documents (see above)
  6. redo the WebHome's:
  7. Copy somewhere

nb idea was to all try and work on some of these things over the 5 days and then get together at the end to agree changes



Any customizations on the look of the website can be made through either PatternSkinCustomization or TWikiTemplates.

  • sort out the 'webs' NOT SO URGENT
    • one idea is to have a separate web for each imc, like the Aotearoa web.
    • Dakar will support sub-webs : one idea is to have a sub-web per IMC
  • add 'login' link to side bars
  • shorten view type URLs : cf Boum:TechStdOut/BoumTWikiSetup


  • look at caching solutions / proxy / most viewed pages : d + g NOT SO URGENT
  • improve TWiki performance using mod_perl ; Dakar is supposed to work flawlessly with it.


  • Change to creative commons ?
    • the license would appear as:
Creative Commons License
This work is licensed under a Creative Commons License.

Of course, this raises the problem of the actual copyright notice that has been displayed since the wiki was first installed... GarconDuMonde has contacted the EFF and also Christiane who is the 'world contact' at creativecommons.


Migration to dakar

A dakar beta test install was setup in, allowing us to test the problems we will encounter during our future migration. So far, problems/issues are:
  • maybe test a new authentification setup, since the default one (.htpasswd files + sessions) has some well-known weaknesses, and that better schemes are available.
  • in order to save some CPU, our previous setup deactivated raw mode and non-default skins for non-authenticated users. This was based on an apache RewriteRule which redirected these "view" requests to "viewauth", "viewauth" being the twiki script requiring authentification before proceeding. This won't work anymore in dakar, since "viewauth" has disappeared. We have still to find out how can work around this.

Dakar includes a, in tools/ directory, which is designed to be run from a cronjob to do some useful maintenance tasks.

Amongst the items that used to be in this TODO and that will be solved by Dakar, there is :
  • make deleting attachments easier
Topic revision: r88 - 09 Oct 2006, AlsteR
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback