[MediaWiki-l] Mediawiki as an Enterprise wiki

Pierre Labrecque pierre.labrecque at live.ca
Sun Aug 18 11:46:46 UTC 2013


" Ok, maybe that sounded too arrogant :-),"... LOL

I've found the same page, and also this one:
http://www.mediawiki.org/wiki/Category:Page_specific_user_rights_extensions
where we can see that Lockdown seems green, except in some cases:
1- no page-based access control: in our case, we don't care as we want to lock at a namespace level
2- Add ACL by editing page: same answer
3- Add ACL via Special pages: who care... we do it in LocalSettings.php
4- other points are in gray: title listed, but not content. So if we don't write something "confidential" in the title, where is the problem ?
I don't know if these info are accurate...

Now:
1- I'm not a perfect newbie, but absolutely not an expert too... 
2- I just want to see what is the real risk in a corporate environnement (not an Internet site... on an intranet only)

Thanks for your answer !

Pierre

-----Original Message-----
From: mediawiki-l-bounces at lists.wikimedia.org [mailto:mediawiki-l-bounces at lists.wikimedia.org] On Behalf Of Yury Katkov
Sent: Sunday, August 18, 2013 2:50 AM
To: MediaWiki announcements and site admin list
Subject: Re: [MediaWiki-l] Mediawiki as an Enterprise wiki

Ok, maybe that sounded too arrogant :-), but look, there are several dozens of ways to read information stored on a wikipage, I perfectly understand that there is a lot of work needed to close the access through all these channels. For some channels, experience shows, it's impossible to close access without patching the core:

1) go directly to the page
2) transclude the page into another page
3) use MediaWiki API
4) if you use extensions, for example DPL or Semantic MediaWiki, retrieve the data with their queries
5) use Special:Export
6) use RSS

Oh, I've found a list here:
http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions


-----
Yury Katkov, WikiVote



On Sun, Aug 18, 2013 at 3:33 AM, Pierre Labrecque <pierre.labrecque at live.ca> wrote:
>
>
>> -----Original Message-----
>> From: mediawiki-l-bounces at lists.wikimedia.org 
>> [mailto:mediawiki-l-bounces at lists.wikimedia.org] On Behalf Of Yury 
>> Katkov
>> Sent: Saturday, August 10, 2013 11:43 PM
>> To: MediaWiki announcements and site admin list
>> Subject: Re: [MediaWiki-l] Mediawiki as an Enterprise wiki
>
>> sorry: I can retrieve the data stored on any mediawiki page if I want to.
>
>
>> -----
>> Yury Katkov, WikiVote
>
> Hello again,
>
> I know that the mailing list is probably not the good place for this question, but I would like to know how you can do that (bypass Lockdown and access data stored in a mediawiki page)? I tried to do some search on Google on this, but didn't find something... OK, I'm a new with Mediawiki, but didn't find something... If you can give me a link which explain...
>
> Thanks !
>
> Pierre
>
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l at lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l




More information about the MediaWiki-l mailing list