[Mediawiki-l] Exact use of $wgGroupPermissions

Brion Vibber brion at pobox.com
Wed Jan 25 23:08:50 UTC 2006


grok at resist.ca wrote:
>>> If you require that kind of restriction, MediaWiki is not
>>> for you. I recommend using software that is designed for
>>> that security model from the ground up.
> 
> I understand very well the stance being taken by the
> MediaWiki developers; but it seems to me that there's a
> crying need for at least some sort of systematic
> extension/module capability for normal GNUnix-type
> permissions/file access, if not for ACL/SELinux type stuff.

Since there are a lot of ways to get at content in MediaWiki, a mixed-
permissions model hacked on top is very likely to be insecure, allowing access
to forbidden content in numerous ways.

I simply think it's very unwise to try taking a complicated system full of ugly
hackish code that's based on the idea that everyone can see everything, and try
to hack on 'but sometimes you can't' at a page/user level. It's likely to break,
you're likely to leak data, and if you rely on this you could lose
business/money/publicity/territory/lives/blah blah.

It's unsafe and insecure, and you're better off using a secure model if you
require one. I *beg* you, for your own good, not to try using MediaWiki if you
actually require that type of security. It'll bite you, I guarantee it.

-- brion vibber (brion @ pobox.com)
