
How can I secure an installation of MediaWiki?

@Pope3001725

Posted in: #Authentication #Mediawiki #Security #Subdomain

I want to run an installation of MediaWiki as an Internet-accessible personal wiki, running on wiki.mysite.com. However, I want to ensure that I am the only one who can read and write to this wiki. In the future, I may explicitly give other people read and/or read/write access, so the method of securing the wiki should account for that as well.

I see two options: I can use some MediaWiki plugin or I can secure the subdomain with HTTP authentication. However, I'm not sure what the advantages and disadvantages of either are in the long run. Suggestions or advice as to what plugins or authentication methods might be most reliable?


@Hamaas447

I found Lockdown works really well.


@Sarah324

I've used MediaWiki as a CMS on quite a few occasions, though my goal has been to publish (i.e. allow anyone else to view and only editors access to write) content but restrict edit access.

To lock down write privileges:

// LocalSettings.php: anonymous visitors ('*') cannot register or write
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['editpage'] = false;
$wgGroupPermissions['*']['edittalk'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createtalk'] = false;

// Sysops keep account creation and write access
$wgGroupPermissions['sysop']['createaccount'] = true;
$wgGroupPermissions['sysop']['edit'] = true;
$wgGroupPermissions['sysop']['editpage'] = true;
$wgGroupPermissions['sysop']['edittalk'] = true;
$wgGroupPermissions['sysop']['createpage'] = true;
$wgGroupPermissions['sysop']['createtalk'] = true;


... and allow use of raw HTML (highly desirable if you're using MW to publish):

$wgRawHtml = true;


Using basic user authentication supported by your webserver sounds like a reasonable way to prevent unauthorized parties from reading the content of your wiki, though there is probably no need to prevent people who are already authenticated from writing on your wiki (unless you have three tiers of privilege - i.e. no-read, no-write / read, no-write / read, write).

Edit: For long-term use (and if you need to support a growing number of users' privileges) I think you'd be best-served to find a plugin which supports exactly what you're trying to do and/or customize your MW installation to handle user authentication for reading in addition to write access.

Note that many of the existing MW plugins intended to prevent read access on specific pages have been plagued with "bugs" (i.e. a user could use the MW Export functionality to see the content of the page) because MW itself was never intended to include the feature in question - if you're hosting stuff no one else should see, you'll likely need to lock a lot of things down.

One site you might be interested in would be mwusers.com - plenty of relevant discussion (including experience w/various strategies and plugins) there.


Can you elaborate on the permissions that MW has built in?


Bureaucrats (can promote user to sysop) > Sysops (can protect and import pages, can ban users) > Users (can read, write, and edit on default installation)

Check out the Help:Sysops and permissions page at MediaWiki.org for further details on the default functionality and Manual:User rights for built-in MW configuration options.

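Added example, not part of either answer above: a LocalSettings.php fragment for the private wiki the question asks about, using MediaWiki's built-in wiki-wide `read` right and the three tiers mentioned in the second answer. The `editor` group name is an assumption chosen for this example; bureaucrats assign it through Special:UserRights.

```php
// Fragment for the end of LocalSettings.php (added example, not from the thread).

// Tier 0: anonymous visitors ('*') can neither read, write, nor self-register.
$wgGroupPermissions['*']['read']          = false;
$wgGroupPermissions['*']['edit']          = false;
$wgGroupPermissions['*']['createpage']    = false;
$wgGroupPermissions['*']['createtalk']    = false;
$wgGroupPermissions['*']['createaccount'] = false;

// Anonymous visitors must still be able to reach the login form.
$wgWhitelistRead = [ 'Special:UserLogin' ];

// Tier 1: any logged-in account ('user') may read but not write.
$wgGroupPermissions['user']['read']       = true;
$wgGroupPermissions['user']['edit']       = false;
$wgGroupPermissions['user']['createpage'] = false;
$wgGroupPermissions['user']['createtalk'] = false;

// Tier 2: read/write. 'editor' is a group name assumed for this example;
// defining a permission for it is what creates the group.
$wgGroupPermissions['editor']['edit']       = true;
$wgGroupPermissions['editor']['createpage'] = true;
$wgGroupPermissions['editor']['createtalk'] = true;

// Rights are additive across groups, so sysops need them granted explicitly
// now that 'user' no longer carries write access. Only sysops create accounts.
$wgGroupPermissions['sysop']['edit']          = true;
$wgGroupPermissions['sysop']['createpage']    = true;
$wgGroupPermissions['sysop']['createtalk']    = true;
$wgGroupPermissions['sysop']['createaccount'] = true;

// Raw HTML lets anyone with edit rights embed arbitrary markup, including
// scripts, in pages. Leave it off unless every account in a writing group
// is fully trusted.
$wgRawHtml = false;
```

After applying it, request a page, Special:Export and api.php in a logged-out browser session and confirm each one refuses to return page content.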

