Hello! Can I restrict access to mediawiki api? I need deny all permission for every users, except one, which login and password I give to client
2011/4/22 Андрій Гончар gonandriy@gmail.com:
Hello! Can I restrict access to mediawiki api? I need deny all permission for every users, except one, which login and password I give to client
You can use MediaWiki's existing permissions for this. If you deny anonymous users the right to read pages (read the documentation for more info, but essentially it's $wgGroupPermissions['*']['read'] = false; ), the API will refuse to let anonymous users do anything but log in.
Of course you'll also want to restrict account creation or something, but the point is that as long as you've made sure that permission to read through the normal web interface is denied, permission to use the API will also be denied.
Roan Kattouw (Catrope)
Thanks for quick response. But I need deny access only through api, not through normal web interface Is it possible?
2011/4/22 Андрій Гончар gonandriy@gmail.com:
Thanks for quick response. But I need deny access only through api, not through normal web interface Is it possible?
No. Why would you want that, anyway?
Roan Kattouw (Catrope)
For increasing security. Deny fetching my wiki through api by bots
Or, probably, I want something absurd ?
Lots of bot frameworks can still read the contents from the html. Just blocking their reading through the api is very useless.
You could turn off the api entirely. Thats about the only way to stop it from being used.
On Fri, Apr 22, 2011 at 5:45 AM, Андрій Гончар gonandriy@gmail.com wrote:
For increasing security. Deny fetching my wiki through api by bots Or, probably, I want something absurd ? _______________________________________________ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
You could restrict group access to the write API, which has more destructive potential than simple queries:
http://www.mediawiki.org/wiki/API:Restricting_API_usage#Restricting_access_t...
I agree with the others that there's no benefit to restricting access to the read API.
Jim
On Fri, Apr 22, 2011 at 5:49 AM, C Stafford c.stafford@gmail.com wrote:
Lots of bot frameworks can still read the contents from the html. Just blocking their reading through the api is very useless.
You could turn off the api entirely. Thats about the only way to stop it from being used.
On Fri, Apr 22, 2011 at 5:45 AM, Андрій Гончар gonandriy@gmail.com wrote:
For increasing security. Deny fetching my wiki through api by bots Or, probably, I want something absurd ? _______________________________________________ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
mediawiki-api@lists.wikimedia.org