[Mediawiki-l] page protection through encryption?

Thomas Dalton thomas.dalton at gmail.com
Wed Aug 15 12:17:38 UTC 2007


On 15/08/07, Frederik Dohr <fdg001 at gmx.net> wrote:
> > What's your plan for communicating keys? You are likely to just move
> > the security issues from the articles themselves to the keys, which
> > isn't a great improvement.
>
> I'm not entirely sure what you mean...
>
> For starters, I was thinking of having the user choose any custom key or
> "password" (as long as the page is not encrypted already, of course), so
> you would actually have to type in that password and reload the page to
> decrypt.
>
> Communicating those keys to the authorized people would be a bit
> cumbersome, of course - so in later (post-proof-of-concept) versions,
> you might have user groups, so the encryption would take place
> automatically.

Communicating the keys to the authorised people is exactly what I'm
talking about. Even with user groups, if the decryption is taking
place client-side (which is what you're suggesting with Javascript),
the key needs to be transferred somehow. If you have way of working
out who to send the key to, you could just use the same system to send
the page itself and not worry about encryption.



More information about the MediaWiki-l mailing list