https://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions
comes to mind here.
You might try to hack something up by blacklisting certain API modules with
ApiCheckCanExecute and the like, but such things aren't really supported.
$wgDisableAPI itself probably doesn't make much sense anymore and may
eventually be removed.
On Mon, Jan 9, 2017 at 12:35 PM, Daniel Barrett <danb(a)cimpress.com> wrote:
Max Semenik <maxsem.wiki(a)gmail.com> asks:
Why are you disabling the API in the first place?
Maybe, there's a better
solution?
I am creating a wiki (for a specialized project) that lets anonymous users
read articles, but that is all they can do. They cannot log in, cannot view
article history, cannot view Special Pages, or use any other wiki features.
Basically, it's a wiki for a few writers and thousands of anonymous
readers. MediaWiki is a great platform because the articles are highly
interlinked like an encyclopedia.
Unfortunately, when the API is enabled, anybody can still access all the
hidden information (article history, etc.). That's why I want to block the
API. But then I kill search suggestions. :-)
I'm grateful for any advice you may have. Thank you.
DanB
_______________________________________________
Mediawiki-api mailing list
Mediawiki-api(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation