[Mediawiki-l] Security Feature Tips?
Erik Heidt
erik.heidt at mac.com
Sat Jul 2 21:07:12 UTC 2005
Hello MediaWiki Gurus:
I have set-up the user restriction and page white list features
described in "Preventing Access"
(http://meta.wikimedia.org/wiki/Access_Restrictions).
There are 2 enhancements I would like to make to these security
features, I have been looking around in the code and am not seeing a
clear path to pursue, could someone provide a hint or two?
The two enhancements I am trying to do are:
(1) To restrict searches to logged in users, or change search to use
alternative search engine for non-logged in users.
(2) To amend to pages specified in $wgWhitelistRead with pages in a
specific/special category (e.g. Category:WhiteList)
Why do I think I should try to do these two things?
- I know that there are a lot of new security features coming in 1.5
and I want to good future compatibility
- I need to make sure I don't leak non-public or not-yet approved
information
(about 80% of the site content requires restriction)
- Public information could be leaked though the search function
(existence of topics/documents/etc)
- I need pages to default (fail-safe) to restricted, but I need users
to be able to flag a page as public or released
(I can use policy controls and category monitoring to detect user
errors etc.)
- It is unclear to me if Jérôme Combaz's patch matches the 1.5 security
philosophy, and doesn't default to restricted
Is there a better way (that I appear unaware of) to try to meet my
needs?
Thanks to anyone who has any insights or can push me toward good ideas.
If I am able to get something working I will post results back to Wiki
Media.
Thanks and best regards,
Erik
More information about the MediaWiki-l
mailing list