Good morning from Canada,
First of all: thank you for all your comments and efforts ! I really appreciate all of
them ! When I see all this, I take confidence in the human being... You have all my
respect.
Seems that we may have a potential solution (?) :-)
I know that we can't close all doors... it is perhaps not prevent all risks, but to
learn how to manage the limit (can we say that in english ???)
I downloaded IntraACL from the "storage-rewrite" git branch to do a test.
Under patches/ there is no IntraACL-MediaWiki-*.diff for our Mediawiki version: 1.21.1
Anyway, I have done a backup of our dev virtual machine and then try to to apply
IntraACL-MediaWiki-1.20.3.diff to our 1.21.1 installation (just to try and guess): of
course I got some errors on lines xxxx...
Question: is there a IntraACL-MediaWiki-xxx.diff for 1.21.1 somewhere ? Else, do you
suggest to install 1.20.3 (or 1.20.6) instead of the latest MV version ? (because there is
an available diff for 1.20.3...)
Again: thanks you all !!!!
Pierre
-----Original Message-----
From: mediawiki-enterprise-bounces(a)lists.wikimedia.org
[mailto:mediawiki-enterprise-bounces@lists.wikimedia.org] On Behalf Of vitalif(a)yourcmc.ru
Sent: Saturday, August 24, 2013 6:03 AM
To: mediawiki-enterprise(a)lists.wikimedia.org
Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki
installation (Enterprise wiki) ?
Hi all!
About ACLs - do you know about our "IntraACL" extension? (based on earlier one
"HaloACL" by ontoprise company)
https://github.com/mediawiki4intranet/IntraACL/
It has full protection of pages for reading via core patches, in listings and etc; ACLs
can be configured on a page, category or namespace basis.
"Stable" version consists of a totally rewritten UI and a modified HaloACL
backend (though not so heavily modified). Now we use it on our corporate wikis.
But just like the UI was, HaloACL backend is also designed very poorly (it's slow and
it's written too verbosely), so now I'm doing a total rewrite of it - it's in
the "storage-rewrite" git branch. It's almost ready, I should just test it
and add some additional maintenance features. Automated tests are also in development
now.
Of course the extension isn't perfect - there are some ideological problems, for
example some combinations of page/category/namespace rights are not always obvious for
users (and there are 3 override modes); page/category/namespace ACLs are a mess if you
want to really restrict editing of ACLs themselves; also, now there is a hardcode -
"sysop" and "bureaucrat" MW groups are always super-users.
But assuming you have no people that want to _really_ abuse your right system - which is
usually a correct assumption in corporate environment
- the extension is good enough for everyday use.
So! :)
Everyone is welcome to test it and tell us about good ideas if you have some :) (my main
question which I can't really solve by myself is - what right system would be really
convenient to use in MediaWiki's flat page structure with categories?)
--
With best regards,
Vitaliy Filippov
_______________________________________________
Mediawiki-enterprise mailing list
Mediawiki-enterprise(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise