Is there any word on when PageSecurity will work with MediaWiki 1.9? I now have a need for the extension, but I've already upgraded my wiki.
On 25/01/07, Air Force CGOC Webmaster webmaster@afcgoc.org wrote:
Is there any word on when PageSecurity will work with MediaWiki 1.9? I now have a need for the extension, but I've already upgraded my wiki.
The name alone implies this is one of those wonderful false-sense-of-security extensions that will never fully work with MediaWiki and should not be trusted to secure data, ever. At all.
Rob Church
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Moin,
On Thursday 25 January 2007 20:35, Rob Church wrote:
On 25/01/07, Air Force CGOC Webmaster webmaster@afcgoc.org wrote:
Is there any word on when PageSecurity will work with MediaWiki 1.9? I now have a need for the extension, but I've already upgraded my wiki.
The name alone implies this is one of those wonderful false-sense-of-security extensions that will never fully work with MediaWiki and should not be trusted to secure data, ever. At all.
Don't judge a book by its cover.
(I have no idea what PageSecurity does, but if the author is equally bad at naming things like me, it might be something completely different and discounting it on its name alone is just foolish.)
And sorry that I cannot help you getting PageSecurity to work wuth MediaWiki 1.9, either.
Best wishes,
Tels
- -- Signed on Fri Jan 26 00:28:34 2007 with key 0x93B84C15. View my photo gallery: http://bloodgate.com/photos PGP key on http://bloodgate.com/tels.asc or per email.
"Call me Justin, Justin Case."
Rob Church wrote:
On 25/01/07, Air Force CGOC Webmaster webmaster@afcgoc.org wrote:
Is there any word on when PageSecurity will work with MediaWiki 1.9? I now have a need for the extension, but I've already upgraded my wiki.
The name alone implies this is one of those wonderful false-sense-of-security extensions that will never fully work with MediaWiki and should not be trusted to secure data, ever. At all.
Well, I'm not looking to protect data, just set permissions on edit pages, which PageSecurity is more than adequate for. If you have a better way, please let me know. Otherwise, I was just trying to get feedback on timing - since I've seen the author post on this list.
Well, that's good; we probably wouldn't want any secret Air Force documents being picked over by prying eyes. ;)
Do you actually need to restrict editing of specific pages (for which you could always use standard protection), or would it be enough to just require users to log in to edit pages? (You could then then restrict account creation to administrators or registered users.) Take a look at http://meta.wikimedia.org/wiki/Preventing_access if that would suffice. If you needed more page-per-page controls, you could use namespace permissions, or try something like http://meta.wikimedia.org/wiki/Page_access_restriction_with_MediaWiki (I don't know if it works for 1.9).
If you want to go with the PageSecurity extension, then you should probably contact its author.
On 1/25/07, Air Force CGOC Webmaster webmaster@afcgoc.org wrote:
Rob Church wrote:
On 25/01/07, Air Force CGOC Webmaster webmaster@afcgoc.org wrote:
Is there any word on when PageSecurity will work with MediaWiki 1.9? I now have a need for the extension, but I've already upgraded my wiki.
The name alone implies this is one of those wonderful false-sense-of-security extensions that will never fully work with MediaWiki and should not be trusted to secure data, ever. At all.
Well, I'm not looking to protect data, just set permissions on edit pages, which PageSecurity is more than adequate for. If you have a better way, please let me know. Otherwise, I was just trying to get feedback on timing - since I've seen the author post on this list.
-- 1st Lt Wayne "Mike" Straw Air Force CGOC Webmaster webmaster@afcgoc.org http://www.afcgoc.org
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Yep - we're not really the Air Force - just a group of Air Force officers helping each other out (similar to the Air Force Association or NCO Association). No official military stuff here!
What we're trying to do is set up where we would have multiple editors, each responsible for a certain section of the site. Namespaces is a possibility. The page access restrictions looks even worse than PageSecurity. PageSecurity is tested and good for up through 1.8, Page access restriction looks like it hasn't been touched since 1.7.
I'll keep plugging.
Thanks!
2007/1/25, Rob Church robchur@gmail.com:
On 25/01/07, Air Force CGOC Webmaster webmaster@afcgoc.org wrote:
Is there any word on when PageSecurity will work with MediaWiki 1.9? I now have a need for the extension, but I've already upgraded my wiki.
The name alone implies this is one of those wonderful false-sense-of-security extensions that will never fully work with MediaWiki and should not be trusted to secure data, ever. At all.
There is a warning on the extension documentation that says just that.
I'm not using it to protect confidential data, just to provide a good-enough solution for our needs.
I chose to release it so others could review it, find its weak spots and maybe in the future there can be a really safe solution for MediaWiki.
I'm inclined to wait for 1.9.2.
Anyone could apply the patches on 1.9.1. If I can spare some time I'll try to do that.
Air Force CGOC Webmaster schrieb:
Is there any word on when PageSecurity will work with MediaWiki 1.9? I now have a need for the extension, but I've already upgraded my wiki.
I tried to group all information concerning user rights here: http://meta.wikimedia.org/wiki/Category:MediaWiki_authentication
You might want to take a look at http://www.mediawiki.org/wiki/Extension:Group_Based_Access_Control
It works well and is similar in function to PageSecurity.
As noted, none of them is really safe yet.
Gunter
I think this exchange of ideas is very good. I hope it can evolve and help create a really secure access control system for MediaWiki.
I'd like to state that PageSecurity protects a lot more operation than Group_Based_Access_Control does. I couldn't find any other extension that implemented all the security features I needed. This is the list of other extensions that I evaluated prior to deciding to build one from scratch:
http://www.mediawiki.org/wiki/Extension:PageSecurity#Alternatives
On 27/01/07, Fernando Correia fernandoacorreia@gmail.com wrote:
I think this exchange of ideas is very good. I hope it can evolve and help create a really secure access control system for MediaWiki.
(sigh)
Don't use a wiki if you want a secure access-controlled environment. Use a proper CMS or a document management system.
Rob Church
Rob Church wrote:
On 27/01/07, Fernando Correia fernandoacorreia@gmail.com wrote:
I think this exchange of ideas is very good. I hope it can evolve and help create a really secure access control system for MediaWiki.
(sigh)
Don't use a wiki if you want a secure access-controlled environment. Use a proper CMS or a document management system.
Rob Church
I'm definitely not looking for a super secure access-controlled environment. I'm building a public web page with multiple editors, and want to prevent those editors from accidentally or intentionally overwriting portions of the site they aren't responsible for. The Wiki platform is perfect for what we want, with an extension like PageSecurity (which unfortunately is not available for 1.9 yet) or Group Based Access Control (which I'm looking at now) to provide basic editing protection.
I'm definitely learning a lot from this debate - thanks for the info!
Don't use a wiki if you want a secure access-controlled environment. Use a proper CMS or a document management system.
I'm definitely not looking for a super secure access-controlled environment. I'm building a public web page with multiple editors, and want to prevent those editors from accidentally or intentionally overwriting portions of the site they aren't responsible for. The Wiki platform is perfect for what we want, with an extension like
I agree with the Air Force here; while this might not be 100% conform to Cunningham's original idea, there's definitely a gray zone in between the open wiki principle and CMS-style access control. That's the beauty of wikis (and MW in particular); they can be adapted to almost any situation.
Just my two cents... (translation: Please, Rob, don't hurt me!)
-- F.
On my first tests, the extension worked with 1.9.1. I reapplied the patches manually on the new version files. I had some issues with the Semantic MediaWiki extension on MediaWiki 1.9.1, though.
I expect to release a version of the patched files next week.
Regards,
Fernando.
2007/1/27, Air Force CGOC Webmaster webmaster@afcgoc.org:
Rob Church wrote:
On 27/01/07, Fernando Correia fernandoacorreia@gmail.com wrote:
I think this exchange of ideas is very good. I hope it can evolve and
help
create a really secure access control system for MediaWiki.
(sigh)
Don't use a wiki if you want a secure access-controlled environment. Use a proper CMS or a document management system.
Rob Church
I'm definitely not looking for a super secure access-controlled environment. I'm building a public web page with multiple editors, and want to prevent those editors from accidentally or intentionally overwriting portions of the site they aren't responsible for. The Wiki platform is perfect for what we want, with an extension like PageSecurity (which unfortunately is not available for 1.9 yet) or Group Based Access Control (which I'm looking at now) to provide basic editing protection.
I'm definitely learning a lot from this debate - thanks for the info!
-- 1st Lt Wayne "Mike" Straw Air Force CGOC Webmaster webmaster@afcgoc.org http://www.afcgoc.org
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Fernando,
Thanks for checking! Just to clarify - are you saying the current version of the extension runs fine with 1.9.1, or should I wait for your next update?
(BTW, you guys can call me Mike - "Air Force" is just who I work for. :-D )
Sorry for not being clear.
You should wait for an update, unless you feel like applying the patches yourself. The main source code did not need to be changed.
I expect to release this next Monday.
2007/1/27, Air Force CGOC Webmaster webmaster@afcgoc.org:
Fernando,
Thanks for checking! Just to clarify - are you saying the current version of the extension runs fine with 1.9.1, or should I wait for your next update?
(BTW, you guys can call me Mike - "Air Force" is just who I work for. :-D )
-- 1st Lt Wayne "Mike" Straw Air Force CGOC Webmaster webmaster@afcgoc.org http://www.afcgoc.org
Fernando Correia wrote:
On my first tests, the extension worked with 1.9.1. I reapplied the
patches
manually on the new version files. I had some issues with the Semantic MediaWiki extension on MediaWiki 1.9.1, though.
I expect to release a version of the patched files next week.
Regards,
Fernando.
2007/1/27, Air Force CGOC Webmaster webmaster@afcgoc.org:
Rob Church wrote:
On 27/01/07, Fernando Correia fernandoacorreia@gmail.com wrote:
I think this exchange of ideas is very good. I hope it can evolve and
help
create a really secure access control system for MediaWiki.
(sigh)
Don't use a wiki if you want a secure access-controlled environment. Use a proper CMS or a document management system.
Rob Church
I'm definitely not looking for a super secure access-controlled environment. I'm building a public web page with multiple editors, and want to prevent those editors from accidentally or intentionally overwriting portions of the site they aren't responsible for. The Wiki platform is perfect for what we want, with an extension like PageSecurity (which unfortunately is not available for 1.9 yet) or
Group
Based Access Control (which I'm looking at now) to provide basic
editing
protection.
I'm definitely learning a lot from this debate - thanks for the info!
-- 1st Lt Wayne "Mike" Straw Air Force CGOC Webmaster webmaster@afcgoc.org http://www.afcgoc.org
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
On Saturday 27 January 2007 20:37, Fernando Correia wrote:
On my first tests, the extension worked with 1.9.1. I reapplied the patches manually on the new version files. I had some issues with the Semantic MediaWiki extension on MediaWiki 1.9.1, though.
Could you provide some details, so we can fix it? I installed SMW on post-1.9 MWs before, and did not encounter problems yet.
Thanks.
Markus
I expect to release a version of the patched files next week.
Regards,
Fernando.
2007/1/27, Air Force CGOC Webmaster webmaster@afcgoc.org:
Rob Church wrote:
On 27/01/07, Fernando Correia fernandoacorreia@gmail.com wrote:
I think this exchange of ideas is very good. I hope it can evolve and
help
create a really secure access control system for MediaWiki.
(sigh)
Don't use a wiki if you want a secure access-controlled environment. Use a proper CMS or a document management system.
Rob Church
I'm definitely not looking for a super secure access-controlled environment. I'm building a public web page with multiple editors, and want to prevent those editors from accidentally or intentionally overwriting portions of the site they aren't responsible for. The Wiki platform is perfect for what we want, with an extension like PageSecurity (which unfortunately is not available for 1.9 yet) or Group Based Access Control (which I'm looking at now) to provide basic editing protection.
I'm definitely learning a lot from this debate - thanks for the info!
-- 1st Lt Wayne "Mike" Straw Air Force CGOC Webmaster webmaster@afcgoc.org http://www.afcgoc.org
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Thank for your concern, but I think a wiki will be more effective to our application.
2007/1/27, Rob Church robchur@gmail.com:
On 27/01/07, Fernando Correia fernandoacorreia@gmail.com wrote:
I think this exchange of ideas is very good. I hope it can evolve and
help
create a really secure access control system for MediaWiki.
(sigh)
Don't use a wiki if you want a secure access-controlled environment. Use a proper CMS or a document management system.
Rob Church
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org