On Wed, Feb 1, 2017 at 3:19 AM David Gerard <dgerard(a)gmail.com> wrote:
This is pretty much the "hard shell, tasty soft centre" security
model. Is this a desperately unsafe thing to do? Has anyone else done
this or something like it?
We do this every single day at Wikimedia. Think of the private wikis--ones
for Arbcom, Office, etc etc etc. They're internet-accessible but locked down
to anonymous users.
Just deny read permissions to anons and as long as you trust the login
method (in your case, Google) you should be fine. You can also whitelist
Main_Page to give people a warning and instructions to log in.
-Chad
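
The settings described in the reply above, as an added example that is not part of the original message: a `LocalSettings.php` fragment that denies read access to anonymous users and whitelists the main page. The `edit` line goes beyond what the message says and is an assumption about a typical private wiki; the Google login method itself is configured separately and is not shown.

```php
// LocalSettings.php fragment (added example, not from the original message).

// '*' is the implicit group that every visitor belongs to, including
// anonymous ones. Denying 'read' here makes every page private by default.
$wgGroupPermissions['*']['read'] = false;

// Assumption beyond the message: anonymous users should not edit either.
$wgGroupPermissions['*']['edit'] = false;

// Pages that remain readable without logging in. The main page is
// whitelisted so it can carry the warning and the login instructions.
$wgWhitelistRead = [ 'Main Page' ];
```

Anything transcluded into a whitelisted page is shown to anonymous visitors along with it, so the main page should contain only the notice itself.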