On Sat, Jan 29, 2005 at 04:39:58PM +0000, Rusty Shackleford wrote:
> I've read this page:
> http://meta.wikimedia.org/wiki/Documentation:Security
> but I'd like to know how to require editors to log in first, and how to
> disable account creation.

Add the following lines to LocalSettings.php:
# Prevent new user registrations - only users with sysop status can
# create users.
$wgWhitelistAccount = array ( "sysop" => 1 );
# You must be a logged in user to edit pages. Combining this
# restriction with the previous restriction means we control who can
# edit pages.
$wgWhitelistEdit = true;
You should notice that the login page is different - all you'll have now
are two boxes for username and password rather than the five seen
previously.

> Also, I'm not sure how to disable running PHP scripts in any directories
> except the script directories. Can I just copy this to the end of my
> httpd.conf file and then reboot the server:
>
> <Location "/wiki/images">
> php_admin_flag engine off
> AddType text/plain .html .htm .shtml
> </Location>

I think so. I've used <Directory /some/where/images> instead of
location, but it works for me.

> All related comments on how to secure a wiki are welcome.

You may want to add an Apache rewrite rule so that requests for the
login page are redirected to use HTTPS and passwords are encrypted:
RewriteCond %{QUERY_STRING} ^title=Special:Userlogin
RewriteRule /(.*) https://wiki.example.com/$1 [R,L,QSA]
You'll need to make sure it's either in an HTTP VirtualHost or add a
RewriteCond to check it was an HTTP request, possibly using
%{SERVER_PROTOCOL}. Once you've redirected to HTTPS your browser should
stay using HTTPS, protecting the cookies MediaWiki sets.
--
John Tobin
"OS/370 is a truly remarkable operating system. It's possible to destroy
days of work with a single misplaced space, so alertness in the
programming staff is encouraged."
--
http://www.pbm.com/~lindahl/real.programmers.html
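
An added example, not part of the original message or of MediaWiki: a small Python check that the settings discussed in this thread are actually in effect, so that a commented-out line does not pass for an active one. The function names and the sample configuration strings are constructed for illustration; PHP block comments and Apache Include files are not handled.

```python
import re

def live_lines(text):
    """Drop '#' and '//' comment lines: a commented-out setting is not in effect."""
    return "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith(("#", "//")))

def audit_localsettings(php):
    """Findings for the two LocalSettings.php restrictions from the thread."""
    live, findings = live_lines(php), []
    if not re.search(r"\$wgWhitelistEdit\s*=\s*true\s*;", live, re.I):
        findings.append("anonymous editing allowed")
    m = re.search(r"\$wgWhitelistAccount\s*=\s*array\s*\((.*?)\)\s*;", live, re.S)
    groups = dict(re.findall(r"[\"'](\w+)[\"']\s*=>\s*(\d+)", m.group(1))) if m else {}
    extra = sorted(g for g, v in groups.items() if v != "0" and g != "sysop")
    if not m or extra:
        findings.append("account creation not limited to sysop" + (": " + ", ".join(extra) if extra else ""))
    return findings

def audit_apache(conf):
    """Findings for the images-directory and login-redirect rules from the thread."""
    live, findings = live_lines(conf), []
    blocks = re.findall(r"<(Location|Directory)\s+\"?([^\">\s]+)\"?\s*>(.*?)</\1>",
                        live, re.S | re.I)
    if not any(path.rstrip("/").endswith("/images") and
               re.search(r"^\s*php_admin_flag\s+engine\s+off\s*$", body, re.I | re.M)
               for _, path, body in blocks):
        findings.append("PHP engine not disabled for the images directory")
    if not re.search(r"RewriteCond\s+%\{QUERY_STRING\}\s+\S*Special:Userlogin[^\n]*\n"
                     r"(?:\s*RewriteCond[^\n]*\n)*\s*RewriteRule\s+\S+\s+https://",
                     live, re.I):
        findings.append("login page not redirected to HTTPS")
    return findings

# Constructed sample inputs (not taken from a real server).
GOOD_PHP = '$wgWhitelistAccount = array ( "sysop" => 1 );\n$wgWhitelistEdit = true;\n'
BAD_PHP = '$wgWhitelistAccount = array ( "user" => 1, "sysop" => 1 );\n# $wgWhitelistEdit = true;\n'
GOOD_CONF = """<Location "/wiki/images">
php_admin_flag engine off
</Location>
RewriteCond %{QUERY_STRING} ^title=Special:Userlogin
RewriteRule /(.*) https://wiki.example.com/$1 [R,L,QSA]
"""
BAD_CONF = GOOD_CONF.replace("php_admin_flag", "# php_admin_flag").replace("https://", "http://")

if __name__ == "__main__":
    for name, result in [("LocalSettings.php", audit_localsettings(BAD_PHP)),
                         ("httpd.conf", audit_apache(BAD_CONF))]:
        print(name, result)
```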