User:Barre/MediaWiki: Difference between revisions

From KitwarePublic
No edit summary
Line 35: Line 35:


After some talk with the developpers, it seems MediaWiki is actually not designed to protect pages from being read.
After some talk with the developpers, it seems MediaWiki is actually not designed to protect pages from being read.
==Changes I Made To This Wiki==
* LocalSettings.php:
<pre>
# Extensions
include("extensions/kwIncludeFile.php");
include("extensions/kwArticleTimeStamp.php");
include("extensions/kwSiteMap.php");
include("extensions/kwBreadCrumbs.php");
</pre>
* includes/DefaultSettings.php:
<pre>
$wgUseFileCache = false;
# Which namespaces should support subpages?
# See Language.php for a list of namespaces.
#
$wgNamespacesWithSubpages = array( -1 => 0, 0 => 1, 1 => 1, 2 => 1, 3 => 1, 4 => 0, 5 => 1, 6 => 0, 7 => 1, 8 => 0, 9 => 1, 10 => 0, 11 => 1);
$wgNamespacesToBeSearchedDefault = array( -1 => 0, 0 => 1, 1 => 0, 2 => 1, 3 => 0, 4 => 0, 5 => 0, 6 => 0, 7 => 0, 8 => 0, 9 => 1, 10 => 0, 11 => 1 );
<pre></pre>
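Review bot: the last added line closes the second block with `<pre></pre>` where `</pre>` is needed, so the `<pre>` opened under `* includes/DefaultSettings.php:` is not closed as intended and a stray `<pre>` is left in the rendered text; change that line to `</pre>`. The `$wgUseFileCache`, `$wgNamespacesWithSubpages` and `$wgNamespacesToBeSearchedDefault` values are also recorded as edits to includes/DefaultSettings.php, which is replaced on upgrade; setting them in LocalSettings.php next to the extension includes would preserve them.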

Revision as of 14:59, 16 May 2005

Extensions

Installation

  • PHP: fopen() does not seem to work quite well with PHP 4.3.3 on Win32 (failed to open stream: no suitable wrapper could be found). Use 4.3.10 instead.

Configuration

Editing

ACL

I had the feeling the <LocationMatch> directive would provide a way to protect a sub-section of a MediaWiki. For example, the following code requires a valid authenticated user to access any page matching the (.*)[kK]wGrid.?Private(.*) regexp.

<LocationMatch "(.*)[kK]wGrid.?Private(.*)">
  AuthName "kwGrid private section"
  AuthType Basic
  AuthUserFile /projects/KitwareWeb/restricted_accesses/wiki/kwGrid/passwd
  require valid-user
</LocationMatch>

The above code triggers a password-based authentication for any page matching the kwGrid:Private prefix, thus restricting access to a virtual sub-section or sub-directory under kwGrid:Private. For example, http://public.kitware.com/Wiki/KwGrid:Private/Welcome. It also matches any files prefixed with kwGridPrivate.

Sadly, this is flawed. The <LocationMatch> directive matches a URL, but does not match the query string. Thus, there is no way to restrict access to a page when it is accessed using any of the history/diff/edit/move actions. For example, http://public.kitware.com/Wiki?title=KwGrid:Private/Welcome&action=edit gives unrestricted access to the page, since the http://public.kitware.com/Wiki URL does not match our regexp.

After some talk with the developers, it seems MediaWiki is actually not designed to protect pages from being read.
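The gap described above can be checked against a list of request targets (for example, taken from an access log). The following is an added example, not part of the original page: it models <LocationMatch> as a regexp applied to the decoded URL path only, and flags requests whose wiki title is private but which would never trigger the authentication block. The `/Wiki` entry point and the regexp come from the page; the function names, the assumption that a `title=` parameter takes precedence over the path, and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Regexp from the <LocationMatch> block on this page.
PRIVATE = re.compile(r"(.*)[kK]wGrid.?Private(.*)")
SCRIPT_PATH = "/Wiki"  # wiki entry point, as in the page's example URLs


def location_match_applies(request_target):
    """Model of <LocationMatch>: the regexp sees only the decoded URL path."""
    path = unquote(urlsplit(request_target).path)
    return PRIVATE.search(path) is not None


def requested_title(request_target):
    """Title being requested: ?title= if present (assumption), else path suffix."""
    parts = urlsplit(request_target)
    query = parse_qs(parts.query)  # parse_qs also percent-decodes the values
    if "title" in query:
        return query["title"][0]
    path = unquote(parts.path)
    if path.startswith(SCRIPT_PATH + "/"):
        return path[len(SCRIPT_PATH) + 1:]
    return ""


def unprotected_private_requests(request_targets):
    """Requests for a private title that never trigger the auth block."""
    return [t for t in request_targets
            if PRIVATE.search(requested_title(t))
            and not location_match_applies(t)]


# Constructed request targets (not taken from real logs).
SAMPLE = [
    "/Wiki/KwGrid:Private/Welcome",
    "/Wiki?title=KwGrid:Private/Welcome&action=edit",
    "/Wiki?title=KwGrid%3APrivate/Welcome&action=history",
    "/Wiki?title=Main_Page",
    "/Wiki/KwGrid:Public/Welcome",
]

if __name__ == "__main__":
    for target in unprotected_private_requests(SAMPLE):
        print("no auth challenge:", target)
```

Only the two `?title=` requests are reported: the path form is covered by the directive, and the public pages are not private titles at all.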

Changes I Made To This Wiki

  • LocalSettings.php:
# Extensions
include("extensions/kwIncludeFile.php");
include("extensions/kwArticleTimeStamp.php");
include("extensions/kwSiteMap.php");
include("extensions/kwBreadCrumbs.php");
  • includes/DefaultSettings.php:
$wgUseFileCache = false;
# Which namespaces should support subpages?
# See Language.php for a list of namespaces.
#
$wgNamespacesWithSubpages = array( -1 => 0, 0 => 1, 1 => 1, 2 => 1, 3 => 1, 4 => 0, 5 => 1, 6 => 0, 7 => 1, 8 => 0, 9 => 1, 10 => 0, 11 => 1);

$wgNamespacesToBeSearchedDefault = array( -1 => 0, 0 => 1, 1 => 0, 2 => 1, 3 => 0, 4 => 0, 5 => 0, 6 => 0, 7 => 0, 8 => 0, 9 => 1, 10 => 0, 11 => 1 );