Hello,
The Wikimedia Foundation Research team [0] is committed to serving
Wikimedia volunteer developers so that they can effectively leverage the
expertise of the Wikimedia research community to contribute to Wikimedia
projects.
We refer to a Wikimedia volunteer developer as any person who contributes
to a piece of software in the Wikimedia ecosystem, e.g., MediaWiki
extensions, desktop and mobile apps and services, bots, PAWS notebooks,
user scripts, etc.
If you identify yourself as a Wikimedia volunteer developer, your
participation in this brief survey [1] would be very relevant for our team
to identify existing and suggested research needs and opportunities of the
Wikimedia developer community.
Thank you for your time and consideration.
Kinneret Gordon, Pablo Aragón and Leila Zia
On behalf of the Wikimedia Research team
[0] https://research.wikimedia.org
[1] https://wikimediafoundation.limesurvey.net/developers-research-needs
--
Kinneret Gordon
Lead Research Community Officer
Wikimedia Foundation <https://wikimediafoundation.org/>
Hi Everyone,
I was looking at our Special:Version page, and got to thinking about
api.php [1] and rest.php.[2] I don't believe anyone on our team is
using the APIs, and I would like to disable them to reduce attack
surface. Or disable them on external interfaces (or maybe allow on
localhost/127.0.0.1).
I see api.php can be disabled via $wgEnableAPI.[1] But I don't see a
similar option for rest.php.[2]
I have two questions. First, is it possible to disable api.php and
rest.php in practice? Or restrict them to internal interfaces only?
Second, what option controls rest.php?
And maybe a third question, can we rename api.php and rest.php tosay,
api.php.unused and rest.php.unused? Will that produce ill effects?
Thanks in advance.
[1] https://www.mediawiki.org/wiki/Manual:Api.php
[2] https://www.mediawiki.org/wiki/Manual:Rest.php