Don't let internal wikis leak company secrets.

Feb 1, 2009 Published by Tony Primerano

Good wiki pages have good titles and the title is usually in the URL.   This is all well and good but if you're creating pages on a corporate wiki that is hidden from the outside world, your title may be giving away too much information.

A few days ago on twitter one of my colleagues noticed this post on twitter.

JonGretar: I think AOL is using Erlang for it's chat system redesign.  about 6 hours ago · Reply · View Tweet

His initial thought was that all our candid discussions about Erlang on twitter gave us away.  But this wasn't the case.

JonGretar: @tumka Because of people viewing my erlang tutorial with referrer: about 5 hours ago · Reply · View Tweet

Ooops.   Fortunately our Chat Backend Redesign is not a secret and our wiki page has links to all sorts of external sites.

For those non-techies out there let me explain what a referrer is.

When you click a link on a web page, the destination site is sent information on what page sent it the traffic.  The source page is the referrer (or referer as it is misspelled in the HTTP spec).    There are several useful applications that use the referrer information that I won't discuss here.  Naturally, Wikipedia has a good article on the subject.

What would have been worse is if we had a page called and someone at company X noticed this referrer in their access logs.  If company X was a public company that person might run off and buy a pile of stock based on this simple observation.

Now most wikis are public and people wouldn't be creating pages like this in the public space.  But more and more companies have internal wikis and it is becoming common to discuss things on these pages that should not be shared with the public.    Rather than having to worry about your page titles giving away too much information I have created a mediawiki extension that will prevent referrer information from being sent to external sites.

Information on the extension can be found here.