If you have superuser access on the box on which you are running Instiki, you can have a more secure setup by running Instiki under a new, unprivileged UID.
Create a fresh, unprivileged, user, instiki, with no shell access.
Allow this new user access only to those files that are absolutely necessary:
% sudo chown instiki public secret db db/production.db.sqlite3 config/environment.rb config/database.yml
% sudo chown -R instiki log storage cache webs tmpRun Instiki as this new user, instead of as yourself:
% sudo -u instiki ./instiki --daemonIn this configuration, you can stop Instiki with:
% sudo -u instiki kill pid-of-InstikiInstiki provides a mechanism for uploading files to your Wiki. This means, in principle, that miscreants could use your Instiki Wiki as a dropbox for sharing files on the internet.
To mitigate the threat, there is a default limit, of 100 KB, on the size of uploaded files. You can change this limit or — better, yet — disable file uploads on publicly accessible Webs in the Edit Web configuration page.