Does anyone know how well this extension works? Has anyone used it?
It claims to be able to restrict access to all pages except those on a whitelist, FOR EACH INDIVIDUAL USER. The last part there, of course, being the bit that makes me suspicious. The documentation on Meta mentions no holes, workarounds, or flaws of any kind. Does this extension do what it says on the tin?
On Thu, Feb 28, 2008 at 7:46 AM, Virgil Ierubino virgil.ierubino@gmail.com wrote:
Does anyone know how well this extension works? Has anyone used it?
It claims to be able to restrict access to all pages except those on a whitelist, FOR EACH INDIVIDUAL USER. The last part there, of course, being the bit that makes me suspicious. The documentation on Meta mentions no holes, workarounds, or flaws of any kind. Does this extension do what it says on the tin?
See http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions. It should be perfectly secure as long as the restrictions are kept sufficiently stringent. MediaWiki fully supports setups where certain groups can only, for instance, view the Main Page and Special:Userlogin. You don't need an extension for this. If you're allowing edit access, or allow access to things like special pages, category pages, etc., I would not trust MediaWiki to do the job effectively, with or without any extensions.
wikitech-l@lists.wikimedia.org