Hello all,
I have been charged with looking into access control implementations for media wiki and was directed to this list by some folks on IRC. Basically our company has a small internal wiki that is fractured by department we want to roll it out company wide but in order to do that we will need to implement access control (possibly linked to LDAP). Does such an extension already exist for media wiki? Is there something similar being developed? Any suggestions are most welcome.
Thank you for your time,
Sergei
On Mon, 2008-05-12 at 13:35 -0400, Sergei Frankoff wrote:
implement access control (possibly linked to LDAP). Does such an
GroupsAdministration.php + CategoryPermissions.php + LdapAuthentication.php = "Enterprise Mediawiki"(*)
~BAS
(*) Let the Wank Words Bingo tournament begin
Brian A. Seklecki wrote:
On Mon, 2008-05-12 at 13:35 -0400, Sergei Frankoff wrote:
implement access control (possibly linked to LDAP). Does such an
GroupsAdministration.php + CategoryPermissions.php + LdapAuthentication.php = "Enterprise Mediawiki"(*)
~BAS
(*) Let the Wank Words Bingo tournament begin
Yes the LDAP plug in gets me half way but it seems as though Enterprise Mediawiki still has inherent security flaws when it comes to specific page access control. Other than the mirroring solution is there something more elegant that can be relied on?
Sergei
On Mon, 2008-05-12 at 13:59 -0400, Sergei Frankoff wrote:
page access control. Other than the mirroring solution is there
You can setup users into roles, and set "RO" and "Private" categories to restrict page views or edits to rolemembers ah la Posix.
Those groups can even be populated out of LDAP.
Mediawiki is far from secure, though, by any means. For example, media/image/upload objects aren't stored in the database -- anyone with the path can go get a file.
Security wasn't a design goal. You can use GroupPermissions to discourage wandering eyes.
Let me know if you need example configs.
~BAS
Mediawiki is far from secure, though, by any means. For example, media/image/upload objects aren't stored in the database -- anyone with the path can go get a file.
You can use img_auth.php for this. The files will be served out via MediaWiki, not Apache. You specifically deny access to the files via Apache.
Either way, MediaWiki is not designed for denying read access to individual pages or namespaces, and anyone trying to do so is setting themselves up for failure.
V/r,
Ryan Lane
Lane, Ryan wrote:
Mediawiki is far from secure, though, by any means. For example, media/image/upload objects aren't stored in the database -- anyone with the path can go get a file.
You can use img_auth.php for this. The files will be served out via MediaWiki, not Apache. You specifically deny access to the files via Apache.
Either way, MediaWiki is not designed for denying read access to individual pages or namespaces, and anyone trying to do so is setting themselves up for failure.
V/r,
Ryan Lane
Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
That is becoming apparent. I guess I will be looking into other wiki solutions. I appreciate all of your time and effort.
Sergei
mediawiki-enterprise@lists.wikimedia.org