Difference between revisions of "4 September 2008"
(News: SimpleSecurity4 ready for use and testing) |
|||
Line 1: | Line 1: | ||
− | {{news|title=SimpleSecurity4 ready for use and testing|img=[[Image:Padlock.svg]] | + | {{news|title=SimpleSecurity4 ready for use and testing|img=|msg= |
+ | [[Image:Padlock.svg|right]] | ||
The general problem with implementing a proper security solution in MediaWiki is that although most of the actions one can perform on articles can be restricted easily, the ability to '''read''' content cannot be easily restricted on a per-title basis. | The general problem with implementing a proper security solution in MediaWiki is that although most of the actions one can perform on articles can be restricted easily, the ability to '''read''' content cannot be easily restricted on a per-title basis. | ||
Latest revision as of 23:46, 3 September 2008
SimpleSecurity4 ready for use and testing
The general problem with implementing a proper security solution in MediaWiki is that although most of the actions one can perform on articles can be restricted easily, the ability to read content cannot be easily restricted on a per-title basis.
The reason reading is difficult to restrict is because it's an operation which is not just performed via one action, but rather that many different actions, special-pages and extensions access article content and display it in diverse ways. To make matters worse, many of these diverse means of article access are done by querying the database directly rather than going via the Article class.
However all article access made by the main code-base or any other legitimate extension is still done via the Database class to ensure that it is independent of the kind of database server being used. This means that we can implement a tighter security layer by replacing the Database class with a sub-class of it that has the security features added to its access methods.
Version 4 of our SimpleSecurity extension is an implementation of this idea, it replaces the existing Database class at runtime with a sub-class called SecureDatabase, and extends the usual MediaWiki page protection mechanism to allow restriction of the read action. See mediawiki.org for installation and usage information, or Extension talk:SimpleSecurity.php for technical details.