Security and software vulnerabilities

Jump to: navigation, search

The Semantic MediaWiki project is cautious about security aspects and is striving to eliminate any possible vulnerabilities in regards to its maintained software.

Reducing attack vectors

The following is a list that contains counter measurements that have been introduced to minimize possibilities of attack vectors.

  • `Special:SMWAdmin` requires the `smw-admin` rights to access and interact with this special page
  • `Special:SpecialDeferredRequestDispatcher` can only be used on POST requests and requires a valid `requestToken`
  • `RegEx` patterns (hereof possibly injection vulnerabilitiesCiteRef::wp:en:redos) (when referenced in Property:Allows pattern) can not be stored or changed in `MediaWiki:Smw allows pattern` unless the user obtains the `smw-patternedit` right which be default is only assigned to the `smwcurator` group and not assigned to any user.
  • SQL injections are of lesser concern as no user is able to directly communicate with the `SQLStore` DB layer
  • Query execution time is not suspect to any limitation, yet $smwgQMaxDepth, $smwgQMaxInlineLimit, and $smwgQMaxSize are provided as means to reduce the possibility of long running queries (and hereby could be used as a DoS vectorCiteRef::wp:en:dos) and to avoid unanticipated query constructs

Noticing a vulnerability

If vulnerabilities are discovered, special care is needed to minimize the risk of them being exploited. In particular, it is wise to first contact the core developers directly, to ensure that an updated version can be released before the bug is public. Also note that the project is public and can be monitored by potential attackers. So commit messages like "Fixed critical security vulnerability" can also be problematic. For more information on handling security problems in open source software, see [1].


|citation text=Regular expression denial of service (ReDoS) is an algorithmic complexity attack that produces a denial-of-service by providing a regular expression that takes a very long time to evaluate.
|retrieved on=17.08.2006
|retrieved from=


|citation text=Denial-of-service attack (DoS) is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services.
|retrieved on=17.08.2006
|retrieved from=