I couldn't find this in the docs. We are running an internal wiki and would like to have everyone log in before editing so we can see who made what chnages. Is there a way to do this?
Thanks, Ben
from DefaultSettings.php
# User rights # It's not 100% safe, there could be security hole using that one. Use at your # own risks.
$wgWhitelistEdit = false; # true = user must login to edit.
So just put $wgWhitelistEdit = true; in your localsettings.php and only logged in users can edit.
Enjoy, Ben
On 4/21/05, Benjamin FrantzDale frantzdale3i@gmail.com wrote:
I couldn't find this in the docs. We are running an internal wiki and would like to have everyone log in before editing so we can see who made what chnages. Is there a way to do this?
Thanks, Ben _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
#It's not 100% safe, there could be security hole using that one. Use at your own risks. I was planning to ask this. I am using mediawiki as a tool to let website owners manage their own content. The site appears as a normal site to everyone else, and only the admins know that it is a mediawiki.
Does this mean that if some hacker found out what my website was made of, he could easily find his way in? Am I making a site that is more easier to hack, as all source is free-ly avaiable for them to find security holes?
On 4/21/05, Ben DeVore ctrlphreak@gmail.com wrote:
from DefaultSettings.php
# User rights # It's not 100% safe, there could be security hole using that one. Use at your # own risks.
$wgWhitelistEdit = false; # true = user must login to edit.
So just put $wgWhitelistEdit = true; in your localsettings.php and only logged in users can edit.
Enjoy, Ben
On 4/21/05, Benjamin FrantzDale frantzdale3i@gmail.com wrote:
I couldn't find this in the docs. We are running an internal wiki and would like to have everyone log in before editing so we can see who made what chnages. Is there a way to do this?
Thanks, Ben _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
What are the security risks in doing this?
On 4/21/05, Ben DeVore ctrlphreak@gmail.com wrote:
from DefaultSettings.php
# User rights # It's not 100% safe, there could be security hole using that one. Use at your # own risks.
$wgWhitelistEdit = false; # true = user must login to edit.
So just put $wgWhitelistEdit = true; in your localsettings.php and only logged in users can edit.
On 4/22/05, Tor Kinlok tor@superman.ws wrote:
What are the security risks in doing this?
# User rights # It's not 100% safe, there could be security hole using that one. Use at your # own risks.
I think the point is that, since MediaWiki is designed for sites that are more open than this, tracking down and fixing ways to get round the restrictions has never been a priority, and gets little in the way of testing. There may be specific flaws that people know about but haven't the time to fix, I don't know, but the main point is that *there might be* ways of breaking things if people really wanted to.
Just don't assume that, once the setting's turned on, you are 100% guaranteed that nobody can affect anything without logging in.
Does this mean that if some hacker found out what my website was made of, he could easily find his way in? Am I making a site that is more easier to hack, as all source is free-ly avaiable for them to find security holes?
Don't believe in security through obscurity. Open Source may mean people find holes, but if that happens they are quickly fixed - and then they are no longer there. Much better than if they are there, only not (yet) known.
On 4/22/05, Pedro Timoteo patimoteo@dti.pga.aero wrote:
Does this mean that if some hacker found out what my website was made of, he could easily find his way in? Am I making a site that is more easier to hack, as all source is free-ly avaiable for them to find security holes?
Don't believe in security through obscurity. Open Source may mean people find holes, but if that happens they are quickly fixed - and then they are no longer there. Much better than if they are there, only not (yet) known.
heh, I'd reccomend in addition to doing the forced logins to use .htpasswd, that will gurantee that any holes in it would be blocked anyway (as people have to login to even login).
and, http://wikimediafoundation.org uses forced login, so i would think it would be pretty secure (they haven't been hacked because of it yet, have they?)
-- Tom
mediawiki-l@lists.wikimedia.org