If only the title is visible (but the content is not), interesting
problems arise:
You can perform "Show any pages that link to X" (Assuming X is visible).
The result is a list of pageIDs, which can be resolved to titles.
This means that anyone can find all the links, templates, and images
on a page whose content is not available.
I think per-namespace readability instead of per-page readability
(implemented as part of the Lockdown extension -
http://www.mediawiki.org/wiki/Extension:Lockdown ) are the best way to
allow access rights while also maintaining robust implementation.
Lockdown page discusses some other issues they faced to read-protect
wiki.
On 7/11/07, Brion Vibber <brion(a)wikimedia.org> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Daniel Cannon wrote:
Take, for instance, Yuri's case
of determining whether or not to include the title of a page in a
list--it is not set in stone anywhere that User:Joe Blow can or cannot
see the title, so how is the API to make this determination?
Titles are always visible.
- -- brion vibber (brion @
wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
iD8DBQFGlOWdwRnhpk1wk44RAjHwAJ9yakTkXGKW/hzQYTOPEJZJk96lWQCgwhtz
1dfUS7bjp7x3Oxj2Lq3suwA=
=hTFv
-----END PGP SIGNATURE-----
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/wikitech-l