User:BWolff (WMF)/CSP/2

Why do I care about security? Its a wiki. Anyone can edit!

edit

Everyone's needs and risks differ. So there's no one size fits all answer. However some common scenarios:

  • In a corporate environment, Often not everyone can edit. Or different people can edit/access different things
  • Attributing edits to the right person is important. It can be very disruptive if bad edits are attributed to the wrong person
  • If other systems are stored on the same domain, people may be able to leverage a vulnerability in the wiki to gain access to those systems

The type of vulnerability we're talking about here (XSS) basically allows someone to take over the victims browser and cause it to do anything they want, within the same domain name.

next