Hi all! Check out
https://www.mediawiki.org/wiki/Security_for_developers/Architecture -- I
just removed the {{draft}} tag.
These security guidelines help lead developers, architects, and product
managers make decisions that protect MediaWiki's users when developing new
features or refactoring old code.
All MediaWiki developers can follow these principles and process when
developing new core features or extensions. If a developer or team is
planning to have their code deployed on the Wikimedia cluster, following
these guidelines will ensure the security review process is quick and
requires minimal changes before deployment.
This guide interrelates with the Architecture guidelines
<https://www.mediawiki.org/wiki/Architecture_guidelines>, Performance
guidelines <https://www.mediawiki.org/wiki/Performance_guidelines>, and user
experience guidelines
<https://www.mediawiki.org/wiki/Wikimedia_Foundation_Design>.
Thanks to everyone who helped write these, especially Chris Steipp -- he
wrote most of it and I helped. Thanks also to the chiptunes at
https://soundcloud.com/benlandis which helped me power through. :-)
Sumana Harihareswara
Senior Technical Writer
Wikimedia Foundation