Folks,
If current implementation can be made more secure, I'm well for it - ideally more secure then the alternative native PHP extensions infrastructure MW has right now.
Unfortunately, this was born because writing extensions for widgets is hard, writing them in secure way is even harder, splitting the code into two layers maintained on different levels seemed better, especially for small independent wikis who have hard time managing extensions.
If anyone is interested in rewriting it using more secure framework or maybe fixing all the widgets (providing better validators or alike), you're very welcome to do so.
There were other ideas like context-based auto-escaping, better review process, rewrite using new version of Smarty, installation from centralized repo and so on, but someone else sill have to continue that.
Anyway, we can kill the work of many years, that's easy, more over, it'll die alone without active commitment anyway, I hope good open source community like MW team can find out a way to utilize this work.
If there is any help needed, I'm eager to help with the move as I did before by maintaining Widgets, OpenID extension and contributing to Semantic MediaWiki/Forms/Bundle and so on - it's just time for me to step away from MW development.
Best,
Sergey
On Tue, Sep 4, 2012 at 6:06 PM, Daniel Friesen daniel@nadir-seen-fire.comwrote:
On Tue, 04 Sep 2012 14:14:34 -0700, Jeroen De Dauw jeroendedauw@gmail.com wrote:
Hey,
This is clearly not the case. Because there are XSS vectors all over these
widgets. Developers who understand security do not monitor code strewn about in piles of wiki pages. They in no way have the same level of gatekeeping as extensions.
So instead of writing a widget publicly visible, the random third party admin who barley knows the basics of PHP goes write something that quite possibly is not published anywhere and can have gaping security holes not known to them and remaining so.
Random third party admins running wikis so small they hack together custom code don't have people who understand security reviewing anything for vulnerabilities. Even if it's public it's going to stay vulnerable.
The only way these sites will ever have something secure is if we have a nice widget request area where third party admins can get someone to write a simple widget extension for some service they want to use.
You also mention stuff such as
Html::element. Guess what - they might not know about it. I have looked at A LOT of extensions, and I can assure you that you have a rather rosy view on the subject.
We just have bad documentation on the subject. A proper PHP based Widget extension would provide some apis even nicer than our current Html. Easy to use validation. Boilerplate cleanup. And would naturally come with good documentation that encourages people to use the high-level style of code. Well, not just encourages... I'd say it wouldn't even mention the fact you can concatenate strings of html.
Cheers
-- Jeroen De Dauw http://www.bn2vs.com Don't panic. Don't be evil. --
-- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
______________________________**_________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/**mailman/listinfo/wikitech-lhttps://lists.wikimedia.org/mailman/listinfo/wikitech-l