[Mediawiki-l] File access restrictions

Wed Feb 28 01:59:50 UTC 2007

Hello Kaman,

There are two things that I would try.  The first one would be
installing an LDAP authentication system on your server, and
integrating both MediaWiki and Apache into.  Then you could protect
the entire directory structure, and have MediaWiki realize when the
user is logged on.

The second thing that I would do would be to have your image directory
point to a PHP script which would respond back with the image only
*if* the user is logged on, and read the image files from a directory
that is not available to the internet.

I hope that this helps,
Kasimir

On 2/27/07, Kaman Lee <kaman_lee at yahoo.com> wrote:
> Hello,
>
> I've setup Mediawiki so that only logged in users can view and edit wiki content.  Everything seems to be working well in regards to page access, however I can't seem to secure uploaded files.  I've searched the Mediawiki manuals and wiki for more information on file security, but can't seem to find too much information on it.
>
> Mediawiki is running on my linux box via apache.  I've tried moving the default uploads directory outside the installation dir, into a directory (owned by group "nobody") not served by apache, but that didn't work.  I was hoping that Mediawiki would access the files directly from the file system instead of via a hyperlink to the file on the server.
>
> Am I doing something wrong or missing something?  I'm relatively new to Mediawiki.  Any help would be greatly appreciated.
>
> Thanks in Advance,
>
> Kaman
>
>
>
>
>
> ____________________________________________________________________________________
> Do you Yahoo!?
> Everyone is raving about the all-new Yahoo! Mail beta.
> http://new.mail.yahoo.com
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>

-- 
Kasimir Gabert