grok at resist.ca wrote:
If you require that kind of restrictions, MediaWiki is not for you. I recommend using software that is designed for that security model from the ground up.
I understand very well the stance being taken by the Mediawiki developers; but it seems to me that there's a crying need for at least some sort of systematic extension/module capability for normal GNUnix-type permissions/file access, if not for ACL/SELinux type stuff.
Since there are a lot of ways to get at content in MediaWiki, a mixed- permissions model hacked on top is very likely to be insecure, allowing access to forbidden content in numerous ways.
I simply think it's very unwise to try taking a complicated system full of ugly hackish code that's based on the idea that everyone can see everything, and try to hack on 'but sometimes you can't' at a page/user level. It's likely to break, you're likely to leak data, and if you rely on this you could lose business/money/publicity/territory/lives/blah blah.
It's unsafe and insecure, and you're better off using a secure model if you require one. I *beg* you, for your own good, not to try using MediaWiki if you actually require that type of security. It'll bite you, I guarantee it.
-- brion vibber (brion @ pobox.com)