Hello,

According to the page
http://www.mediawiki.org/wiki/Manual:Preventing_access "If you need to
protect even the sidebar ... it's recommended that you use
higher-level authentication such as .htpasswd or equivalent."

Without using .htpasswd, are there options for restricting access to
the MediaWiki:Sidebar content before a user logs in? A wiki-wide
navigation menu is an important element for providing our users easy
access to important content. If the world will have access to see the
contents of the Sidebar, I will be reluctant to put more than a few
generic menu items.

Here is an analogy for my motivation: You have purchased several very
expensive gifts and they are in your car. The car is locked, but you
still want to put them in the trunk or otherwise hide the fact that
they are there. If you leave them in plain view, your car is instantly
a very attractive target for theft. In the same way, if the
interesting contents of a locked site are clearly visible it becomes a
more likely target for attack (to access whatever sensitive
information may be contained therein).

Any ideas for how to best secure the MediaWiki sidebar are much
appreciated. I have included some info on my configuration below to
provide some context for those who may be interested.

--
Thomas (Tom) Hogarty

I'm using the
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication
plugin to authenticate company users against Windows 2003 Active
Directory. We are also using SSL to encrypt connections to the wiki.

My MediaWiki version is 1.10.2-36.

I am requiring all users to be logged in via LDAP using the following
restrictions in LocalSettings.php:

$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgWhitelistRead = array( "Special:Userlogin" );
$wgEmailConfirmToEdit = true;
$wgLDAPUseLocal = false;
# 28800 seconds is 8 hours
$wgCookieExpiration = 28800;

I have personalized some of the Special:Allmessages (system messages)
to reflect our login policy:

MediaWiki:Loginprompt
MediaWiki:Loginreqpagetext
MediaWiki:Tooltip-pt-anonlogin
MediaWiki:Tooltip-pt-login
MediaWiki:Userlogin