[Mediawiki-l] Security Feature Tips?

Erik Heidt erik.heidt at mac.com
Sat Jul 2 21:07:12 UTC 2005


Hello MediaWiki Gurus:

I have set up the user restriction and page white list features 
described in "Preventing Access"
(http://meta.wikimedia.org/wiki/Access_Restrictions).

There are 2 enhancements I would like to make to these security 
features. I have been looking around in the code and am not seeing a 
clear path to pursue. Could someone provide a hint or two?

The two enhancements I am trying to do are:
(1) To restrict searches to logged in users, or change search to use 
alternative search engine for non-logged in users.
(2) To amend the pages specified in $wgWhitelistRead with pages in a 
specific/special category (e.g. Category:WhiteList)

Why do I think I should try to do these two things?
- I know that there are a lot of new security features coming in 1.5 
and I want good future compatibility
- I need to make sure I don't leak non-public or not-yet approved 
information
	(about 80% of the site content requires restriction)
- Public information could be leaked through the search function 
(existence of topics/documents/etc)
- I need pages to default (fail-safe) to restricted, but I need users 
to be able to flag a page as public or released
	(I can use policy controls and category monitoring to detect user 
errors etc.)
- It is unclear to me if Jérôme Combaz's patch matches the 1.5 security 
philosophy, and doesn't default to restricted

Is there a better way (that I appear unaware of) to try to meet my 
needs?

Thanks to anyone who has any insights or can push me toward good ideas. 
If I am able to get something working I will post results back to Wiki 
Media.

Thanks and best regards,
Erik
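
A stand-alone PHP model of the fail-safe behaviour asked about above, added here as an illustration and not part of the original message or of MediaWiki's code: anonymous readers get only pages on a static list or carrying the public category, and search hits pass through the same check. The page data, function names and variables are hypothetical; only $wgWhitelistRead and Category:WhiteList come from the message.

```php
<?php
// Added illustration: a stand-alone model, not MediaWiki code.
// Constructed sample data: page title => categories the page carries.
$pages = [
    'Main Page'        => [],
    'Press Release Q2' => ['WhiteList', 'Press'],
    'Draft Roadmap'    => ['Planning'],
    'Pricing Notes'    => [],
];
$staticWhitelist = ['Main Page'];  // plays the role of $wgWhitelistRead
$publicCategory  = 'WhiteList';    // plays the role of Category:WhiteList

// Default-deny read check: an anonymous reader gets a page only if it is
// explicitly listed or explicitly flagged. Anything else stays restricted.
function canRead(string $title, bool $loggedIn, array $pages,
                 array $whitelist, string $publicCategory): bool {
    if ($loggedIn || in_array($title, $whitelist, true)) {
        return true;
    }
    $categories = $pages[$title] ?? [];  // unknown page: no categories, so denied
    return in_array($publicCategory, $categories, true);
}

// Search runs the same check on every hit before returning it, so an
// anonymous query cannot confirm that a restricted title exists.
function search(string $query, bool $loggedIn, array $pages,
                array $whitelist, string $publicCategory): array {
    $hits = [];
    foreach (array_keys($pages) as $title) {
        if (stripos($title, $query) !== false
            && canRead($title, $loggedIn, $pages, $whitelist, $publicCategory)) {
            $hits[] = $title;
        }
    }
    return $hits;
}

// Compare what each kind of reader learns from the same queries.
foreach ([false, true] as $loggedIn) {
    $who = $loggedIn ? 'logged in' : 'anonymous';
    foreach (['roadmap', 'release', 'p'] as $q) {
        $hits = search($q, $loggedIn, $pages, $staticWhitelist, $publicCategory);
        printf("%-10s %-8s => %s\n", $who, $q,
            implode(', ', $hits) ?: '(no results)');
    }
}
```

Removing the public category from a page, or creating a page without it, leaves the page restricted with no further configuration, which is the fail-safe default the message asks for.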