On Sat, Aug 10, 2013 at 4:15 PM, Pierre Labrecque pierre.labrecque@live.ca wrote:
1- create a page "FOO1:Procedure To do this" and give general informations on it, accessible to all users... and on "FOO1:Procedure to do this" we put a link to "FOO2:SecretPasswords" 2- if the user needs the passwords, he clicks on "FOO2:SecretPasswords". If he has access to the FOO2 namespace (as defined in the LockDown parameters, in LocalSettings), all is ok for him and he has access to the page. If he doesn't, then he receives an access denied. Make sens for you ?
bottom line is most (all?) of these security extensions (e.g. LockDown) have either not had WMF security review or have not passed. the known good, very effective and secure way to do this is 2 separate wikis with interwiki links between them. (and different sets of people can log in to each one) The WMF config for private fishbowls is published so you can copy from there. ( https://noc.wikimedia.org/conf/ https://git.wikimedia.org/summary/?r=operations/mediawiki-config.git ; `git grep` is your friend! ) You should make sure that the wikis are on different domains and cookies set by either wiki are not accessible by the other one.
You could have exactly the same setup described above (which I quoted) using 2 separate wikis. FOO1 and FOO2 are different wikis. FOO2 at FOO1 is not a namespace but rather is an interwiki link.
-Jeremy