-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
we're using MediaWiki for our corporate intranet documentation and sometimes have outside workers which should not be granted access to the complete wiki because it may contain all kind of sensitive information.
Is there *some* way implemented to restrict access for groups of users to documentes? Like only accessing documents in a certain namespace or from within a certain category?
thanks
Hi
Just look at : http://meta.wikimedia.org/wiki/Hidden_pages
DC
On Fri, Jul 07, 2006 at 01:21:12PM +0200, Markus Fischer wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
we're using MediaWiki for our corporate intranet documentation and sometimes have outside workers which should not be granted access to the complete wiki because it may contain all kind of sensitive information.
Is there *some* way implemented to restrict access for groups of users to documentes? Like only accessing documents in a certain namespace or from within a certain category?
thanks -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFErkOo1nS0RcInK9ARAiXeAJ4oM7Y0EmkHdDfvJoS9Ln3pYzCdxwCg4nRi EdD25tQRy0nv/HDqj88lR9k= =mU6J -----END PGP SIGNATURE----- _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
On 7/7/2006 at 1:21 PM Markus Fischer wrote: |we're using MediaWiki for our corporate intranet documentation and |sometimes have outside workers which should not be granted access to the |complete wiki because it may contain all kind of sensitive information. | |Is there *some* way implemented to restrict access for groups of users |to documentes? Like only accessing documents in a certain namespace or |from within a certain category? =============
Unfortunately, you are using the wiki for a task it was not designed to do. The wiki was designed as an open information system, everything is public. Indeed, the "wiki philosophy" often states the 'everything is public' mantra. As a result, the patches to allow for any manner of restricted access are at best a kludge, at worst an ongoing maintenance problem.
Because of the "everything is public" mantra, I doubt if there will ever be a reliable, robust, secure and maintained solution to the problem you pose.
My solution was to set up a second wiki behind apache's authorization/authentication model, so that only the people who need to see the pages of that wiki were able to access it.
Markus Fischer a écrit :
Is there *some* way implemented to restrict access for groups of users to documentes? Like only accessing documents in a certain namespace or from within a certain category?
Does this help : http://meta.wikimedia.org/wiki/Page_access_restriction_with_MediaWiki ?
On 07/07/06, Markus Fischer markus@fischer.name wrote:
Is there *some* way implemented to restrict access for groups of users to documentes? Like only accessing documents in a certain namespace or from within a certain category?
Run now and install a proper document management system. And my strongest advice is to IGNORE any post pointing you at any third party hack to the software which promises to add this; as far as I know, *all* such hacks presently don't patch enough to completely block access to restricted content.
Rob Church
On 7/7/06, Rob Church robchur@gmail.com wrote:
On 07/07/06, Markus Fischer markus@fischer.name wrote:
Is there *some* way implemented to restrict access for groups of users to documentes? Like only accessing documents in a certain namespace or from within a certain category?
Run now and install a proper document management system. And my strongest advice is to IGNORE any post pointing you at any third party hack to the software which promises to add this; as far as I know, *all* such hacks presently don't patch enough to completely block access to restricted content.
I second that. The only proper way for me has been to maintain a small wiki farm of multiple installations, where the different installations have different users, don't allow signup and block anonymous views.
For actual security, we have PGP-encrypted blocks of text. Yeah, not exactly wiki.. but useful for managing certain docs in an "easy enough" way.
I still theorize some kind of wacky apache security measure which has security restrictions overtop of sub-items. Something like:
[[normal]] [[normal/protected]]
Pipe dream, I know. =)
On 7/7/06, Rob Church robchur@gmail.com wrote:
On 07/07/06, Markus Fischer markus@fischer.name wrote:
Is there *some* way implemented to restrict access for groups of users to documentes? Like only accessing documents in a certain namespace or from within a certain category?
Run now and install a proper document management system. And my strongest advice is to IGNORE any post pointing you at any third party hack to the software which promises to add this; as far as I know, *all* such hacks presently don't patch enough to completely block access to restricted content.
If only the UserCan hook was called more and more. I would love a global variable like $wgInsanePermissions that, when activated, would have Article and Title constructors, etc call UserCan for ($wgUser).
On 08/07/06, Gregory Szorc gregory.szorc@gmail.com wrote:
If only the UserCan hook was called more and more. I would love a global variable like $wgInsanePermissions that, when activated, would have Article and Title constructors, etc call UserCan for ($wgUser).
It wouldn't help, though, because MediaWiki is built around being able to access the content via hundreds of different methods...hence the reason all these hacks don't work 100%.
Rob Church
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Thanks for all the feedback. I appriciate all emails I received, especially the ones remining me that "that's not the wiki way" which I also think is right.
Since I'm not a fan of patches (have to reapply after updates, not something I want to spend time to), I'll probably go with another approach: have a special Category in the 'intranet' wiki and only pages in those Category will be replicated to another mediawiki installation in the 'extranet' where users have to rights to edit ages, only view them after auth.
I think that's the currently one of the best approaches, that way I don't have to fear that users might find a hole in one of the pages if just the content they're allowed to see is in their 'extranet' installation.
- - Markus
Markus Fischer wrote:
Hi,
we're using MediaWiki for our corporate intranet documentation and sometimes have outside workers which should not be granted access to the complete wiki because it may contain all kind of sensitive information.
Is there *some* way implemented to restrict access for groups of users to documentes? Like only accessing documents in a certain namespace or from within a certain category?
thanks
_______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org