File names should not have tiki
- Status
- Open
- Subject
- File names should not have tiki
- Version
- 12.x
13.x
14.x - Category
- Usability
- Feature
- Installer (profiles, upgrades and server-related issues)
- Resolution status
- Fix on the Way
- Submitted by
- samerafach
- Lastmod by
- Gary Cunningham-Lee
- Rating
- Description
Dear Sir:
This may not sound as a bug, but this could be a problem for people who use tiki to build a professional website.
In an ideal CMS, no one has to know what platform the webmaster is using. Knowing the platform from first sight is considered a huge flaw in the design of the CMS. It's not my position to defend this statement, but you're professional developers, and you understand how this should be the first piece of information any hacker is looking for. Honestly I'd be already surprised if this not clear.
With that said, let's state the problem: The problem is that every php page in tiki has the prefix "tiki-", like "tiki-index.php". Now why?
Let's look at this rationally. Does this benefit the user with anything? Absolutely not. As it looks to me, it's just a show-off of the kind "hey look, this website was made by tiki, and the webmaster couldn't get rid of those urls exposing him".
Trust me, some companies will just refuse to use the whole platform because of this! Usually organizations are paranoid about security.
So please, fix this. Just remove every "tiki-" from every file name. There's not a single good reason to have it done this way.
PS: Renaming the files myself is not considered a solution. Even if it works, an update will mess it up.
Best,
Samer- Solution
This was discussed on the Tiki developers mailing list (http://sourceforge.net/p/tikiwiki/mailman/message/33455315/) and the consensus is:
- It isn't a security problem to use "tiki" in the filenames and URLs because this information isn't actually used to target the site.
- If the appearance of "tiki" in the URLs is a problem for site branding purposes, rewrite rules can be used to remove the term, as is now done for wiki pages, blog posts and so on.
- "Tiki" is perhaps used unnecessarily in the interface text, such as for the "MyTiki" section, and this can and should be changed to something generic and descriptive.
- Changing the file names and paths would make problems for updating existing Tiki sites, and would take a lot of time and effort so wouldn't be worthwhile if the same result can be achieved with URL rewriting.So the plan is to modify the rewrite rules and instances of "tiki" in the interface text.
- Importance
- 10 high
- Easy to solve?
- 7
- Priority
- 70
- Demonstrate Bug (Tiki 19+)
-
This bug has been demonstrated on show2.tiki.org
Please demonstrate your bug on show2.tiki.org
Version: Create show2.tiki.org instanceAbout show2.tiki.orgTo help developers solve the bug, we kindly request that you demonstrate your bug on a show2.tiki.org instance. To start, simply select a version and click on "Create show2.tiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show2.tiki.org.
- Ticket ID
- 5555
- Created
- Friday 13 February, 2015 20:40:41 GMT-0000
by samerafach - LastModif
- Wednesday 18 February, 2015 14:49:08 GMT-0000
Attachments
| filename | created | hits | comment | version | filetype | ||
|---|---|---|---|---|---|---|---|
| No attachments for this item | |||||||
;){kind=link}
;){kind=link}
- Threaded comment listing sort order
- fresh opening of tiki home page tiki-index (I removed a warning) is it OK
- Tracker with field type "Numeric" won't
- tiki 25.1 Database 'xxxx'. Unable to connect to database (when 25.0 will connect)
- Kanban plugin; the Swimlane field throw an error if using a category field type
;){kind=link}
;){kind=link}