[Labs-l] Signpost

[Huji Lee]

On that note, does Labs use any kind of sandboxing or similar strategy to
separate instances? I know with WordPress the issues is no about the spread
of vulnerabilities from one server instance to another, but I wonder how
Labs is secured against the latter specifically.

On Thu, May 12, 2016 at 4:10 PM, Tom Doolan <tom29739onwiki at gmail.com>
wrote:

> I'd second this. It's also very unreliable in my experiences, so as
> YuviPanda says, you'd need a sysadmin to keep it up to date and working.
>
> tom29739
> On 12 May 2016 8:55 p.m., "Yuvi Panda" <yuvipanda at gmail.com> wrote:
>
>> On Thu, May 12, 2016 at 3:41 PM, T Paris <tparis.wiki at gmail.com> wrote:
>> > If we didn't need access to any WMF databases and could even IP
>> blacklist
>> > the instance's IP, would that alleviate some concerns?  Also, would the
>> > auto-update feature help?
>>
>> The problem is more of serving your readers malware / accidentally
>> becoming part of a botnet. The auto-update definitely helps but isn't
>> enough, IMO - there's no cleanup afterwards that it does, you only
>> need to be infected once for you to be compromised forever, etc.
>>
>> Wordpress is amazingly awesome and I reccomend it to everyone who
>> wants to publish things on the web, I just want y'all to be also aware
>> that it does require constant sysadmin help/lookout to keep it secure.
>>
>> Good luck! <3 Signpost :)
>>
>> --
>> Yuvi Panda T
>> http://yuvi.in/blog
>>
>> _______________________________________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/labs-l
>>
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/labs-l/attachments/20160512/00cd453c/attachment.html>