Dear mediawiki admin experts,
I have a configuration goal for my installation of mediawiki that might technically only be a web-server related modification, but I am convinced that the solution (if it is even possible) will requires the advanced insights of this group of experts. Here's the situation: I have set-up a mediawiki (1.6.10) on a dedicated company server (Red Hat, Apache 2.0.52) which uniformly (www and intranet) limits browser accessibility to users who have a company username and password which they are required to provide to the browser in order to view the wiki articles. wiki user-accounts for authoring are handled by the LDAP module. This part all works great. --- The problem is --- that I am now being asked if it is possible to make certain pages "publicly" accessible and not protected behind a secure browser authentication against the company's domain (after we've gone to such excellent lengths to protect all of the content!!!) I am being asked if specific articles and/or all of the articles in certain namespace can be made to be an exception to our global restrictions on who can "see" the articles. A specific example is the "Main Page" and any of the User's pages. So, does anyone know how to configure a mediawiki such that "some" pages require secure browser authentication even just to see them? If so, the ideal solution would behave such that new pages are created inaccessible from the public by default. --- sincerest thanks all. - Rich (revansx)
The safest (easiest?) way I can think of is to have a separate wiki that is decidedly public. Meaning publicly viewable (you can of course lock down editorship however you want).
Locking down read access to certain pages is a tough problem not solvable with a vanilla install alone - it takes extensions to do it. There may be extensions out there that can help you, but I'm not sure.
-- Jim R. Wilson (jimbojw)
On 5/29/07, revansx@cox.net revansx@cox.net wrote:
Dear mediawiki admin experts,
I have a configuration goal for my installation of mediawiki that might technically only be a web-server related modification, but I am convinced that the solution (if it is even possible) will requires the advanced insights of this group of experts. Here's the situation: I have set-up a mediawiki (1.6.10) on a dedicated company server (Red Hat, Apache 2.0.52) which uniformly (www and intranet) limits browser accessibility to users who have a company username and password which they are required to provide to the browser in order to view the wiki articles. wiki user-accounts for authoring are handled by the LDAP module. This part all works great. --- The problem is --- that I am now being asked if it is possible to make certain pages "publicly" accessible and not protected behind a secure browser authentication against the company's domain (after we've gone to such excellent lengths to protect all of the content!!!) I am being asked if specific articles and/or all of the articles in certain namespace can be made to be an exception to our global restrictions on who can "see" the articles. A specific example is the "Main Page" and any of the User's pages. So, does anyone know how to configure a mediawiki such that "some" pages require secure browser authentication even just to see them? If so, the ideal solution would behave such that new pages are created inaccessible from the public by default. --- sincerest thanks all. - Rich (revansx)
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Dear mediawiki admin experts,
I am being asked if specific articles and/or all of the articles in certain namespace can be made to be an exception to our global restrictions on who can "see"
the articles. A
specific example is the "Main Page" and any of the User's pages. So,
does anyone know how
to configure a mediawiki such that "some" pages require secure browser
authentication even
just to see them? If so, the ideal solution would behave such that new
pages are created
inaccessible from the public by default. --- sincerest thanks all. -
Rich (revansx)
If there isn't a lot of pages, maybe you can deal with $wgWhitelistRead?
This is exactly the kind of discussion I was hoping for :-) Thanks everyone!
Immediate updating of the public site is not a requirement for me. A nightly update will do just fine. However, I am now of the opinion that the same database can be used for two wiki's just using two different accounts. Let me explain my plan:
1) My present wiki, which is in a secure "https" apache folder and protected from public viewing by requiring users to authenticate through my companies domain controller and uses the LDAP modules will remain "as is" where the wiki will use the standard admin read/write MySQL database account in the LocalSettings.php for all access to the wikidb. Thus, this, the first wiki's URL would be something like: https://www.mycompany.com/wiki/index.php
2) I will create a "read-only" MySQL account for the wikidb using "phpMyAdmin" whose name is "wikidb_reader".
3) I will create a copy of my wiki's entire html/wiki folder in another "www", "public" folder on my server where the Localsettings.php file will access the same MySQL database except by using the "wikidb_reader" account which has no power to make updates to the wikidb MySQL database. Then the 2nd wiki's URL would be like: http://www.mycompany.com/public/wiki/index.php
4) I will restrict the public wiki (the second one) viewing to a custom skin which will check for a "magic word" which allows the page to load "else" it will display a "this page is private" message to the joe public user.
.......That's my plan. Let me know if you see a flaw in it, otherwise.... thanks again everyone :-)
- Rich (revansx)
----- Original Message ----- From: "Platonides" Platonides@gmail.com To: mediawiki-l@lists.wikimedia.org Sent: Thursday, May 31, 2007 4:09 PM Subject: Re: [Mediawiki-l] hiding and sharing articles/namespaces to thepublic
Dear mediawiki admin experts,
I am being asked if specific articles and/or all of the articles in certain namespace can be made to be an exception to our global restrictions on who can "see"
the articles. A
specific example is the "Main Page" and any of the User's pages. So,
does anyone know how
to configure a mediawiki such that "some" pages require secure browser
authentication even
just to see them? If so, the ideal solution would behave such that new
pages are created
inaccessible from the public by default. --- sincerest thanks all. -
Rich (revansx)
If there isn't a lot of pages, maybe you can deal with $wgWhitelistRead?
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org