Good morning from Canada,
First of all: thank you for all your comments and efforts ! I really appreciate all of them ! When I see all this, I take confidence in the human being... You have all my respect.
Seems that we may have a potential solution (?) :-)
I know that we can't close all doors... it is perhaps not prevent all risks, but to learn how to manage the limit (can we say that in english ???)
I downloaded IntraACL from the "storage-rewrite" git branch to do a test. Under patches/ there is no IntraACL-MediaWiki-*.diff for our Mediawiki version: 1.21.1 Anyway, I have done a backup of our dev virtual machine and then try to to apply IntraACL-MediaWiki-1.20.3.diff to our 1.21.1 installation (just to try and guess): of course I got some errors on lines xxxx...
Question: is there a IntraACL-MediaWiki-xxx.diff for 1.21.1 somewhere ? Else, do you suggest to install 1.20.3 (or 1.20.6) instead of the latest MV version ? (because there is an available diff for 1.20.3...)
Again: thanks you all !!!!
Pierre
-----Original Message----- From: mediawiki-enterprise-bounces@lists.wikimedia.org [mailto:mediawiki-enterprise-bounces@lists.wikimedia.org] On Behalf Of vitalif@yourcmc.ru Sent: Saturday, August 24, 2013 6:03 AM To: mediawiki-enterprise@lists.wikimedia.org Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
Hi all!
About ACLs - do you know about our "IntraACL" extension? (based on earlier one "HaloACL" by ontoprise company)
https://github.com/mediawiki4intranet/IntraACL/
It has full protection of pages for reading via core patches, in listings and etc; ACLs can be configured on a page, category or namespace basis.
"Stable" version consists of a totally rewritten UI and a modified HaloACL backend (though not so heavily modified). Now we use it on our corporate wikis.
But just like the UI was, HaloACL backend is also designed very poorly (it's slow and it's written too verbosely), so now I'm doing a total rewrite of it - it's in the "storage-rewrite" git branch. It's almost ready, I should just test it and add some additional maintenance features. Automated tests are also in development now.
Of course the extension isn't perfect - there are some ideological problems, for example some combinations of page/category/namespace rights are not always obvious for users (and there are 3 override modes); page/category/namespace ACLs are a mess if you want to really restrict editing of ACLs themselves; also, now there is a hardcode - "sysop" and "bureaucrat" MW groups are always super-users.
But assuming you have no people that want to _really_ abuse your right system - which is usually a correct assumption in corporate environment - the extension is good enough for everyday use.
So! :)
Everyone is welcome to test it and tell us about good ideas if you have some :) (my main question which I can't really solve by myself is - what right system would be really convenient to use in MediaWiki's flat page structure with categories?)
-- With best regards, Vitaliy Filippov
_______________________________________________ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise