Hello,
According to the page http://www.mediawiki.org/wiki/Manual:Preventing_access "If you need to protect even the sidebar ... it's recommended that you use higher-level authentication such as .htpasswd or equivalent."
Without using .htpasswd, are there options for restricting access to the MediaWiki:Sidebar content before a user logs in? A wiki-wide navigation menu is an important element for providing our users easy access to important content. If the world will have access to see the contents of the Sidebar, I will be reluctant to put more than a few generic menu items.
Here is an analogy for my motivation: You have purchased several very expensive gifts and they are in your car. The car is locked, but you still want to put them in the trunk or otherwise hide the fact that they are there. If you leave them in plain view, your car is instantly a very attractive target for theft. In the same way, if the interesting contents of a locked site are clearly visible it becomes a more likely target for attack (to access whatever sensitive information may be contained therein).
Any ideas for how to best secure the mediawiki sidebar are much appreciated. I have included some info on my configuration below to provide some context for those who may be interested.
-- Thomas (Tom) Hogarty
I'm using the http://www.mediawiki.org/wiki/Extension:LDAP_Authentication plugin to authenticate company users against Windows 2003 Active Directory. We are also using SSL to encrypt connections to the wiki.
My MediaWiki version is 1.10.2-36
I am requiring all users to be logged in via LDAP using the following restrictions in LocalSettings.php: $wgGroupPermissions['*']['read'] = false; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['createaccount'] = false; $wgWhitelistRead = array( "Special:Userlogin" ); $wgEmailConfirmToEdit = true; $wgLDAPUseLocal = false; # 28800 seconds is 8 hours $wgCookieExpiration = 28800;
I have personalized some of the Special:Allmessages (system messages) to reflect our login policy: MediaWiki:Loginprompt MediaWiki:Loginreqpagetext MediaWiki:Tooltip-pt-anonlogin MediaWiki:Tooltip-pt-login MediaWiki:Userlogin
On Thu, 2007-12-13 at 12:38 -0500, Tom Hogarty wrote:
Any ideas for how to best secure the mediawiki sidebar are much appreciated. I have included some info on my configuration below to provide some context for those who may be interested.
A simple solution would be to simply take the sidebar out of the default skin (whatever $wgDefaultSkin is set to). Edit the corresponding php file and conditionally take out the entire sidebar. For example, in skins/CologneBlue.php, you would change the function quickBar() like so:
if( $wgUser->isLoggedIn() ) { $s .= $this->menuHead( "qbbrowse" ); $bar = $this->buildSidebar(); $browseLinks = reset( $bar ); foreach ( $browseLinks as $link ) { if ( $link['text'] != '-' ) { $s .= "<a href="{$link['href']}">" . htmlspecialchars( $link['text'] ) . '</a>' . $sep; } } }
Similar things can be done with the other skins as needed.
mediawiki-enterprise@lists.wikimedia.org