4 September 2008

From Organic Design wiki
Revision as of 23:39, 3 September 2008 by Nad (talk | contribs) (News: SimpleSecurity4 ready for use and testing)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Warning.svg This is a blog item that needs to be converted to the new Bliki format


SimpleSecurity4 ready for use and testing

The general problem with implementing a proper security solution in MediaWiki is that although most of the actions one can perform on articles can be restricted easily, the ability to read content cannot be easily restricted on a per-title basis.

The reason reading is difficult to restrict is because it's an operation which is not just performed via one action, but rather that many different actions, special-pages and extensions access article content and display it in diverse ways. To make matters worse, many of these diverse means of article access are done by querying the database directly rather than going via the Article class.

However all article access made by the main code-base or any other legitimate extension is still done via the Database class to ensure that it is independent of the kind of database server being used. This means that we can implement a tighter security layer by replacing the Database class with a sub-class of it that has the security features added to its access methods.

Version 4 of our SimpleSecurity extension is an implementation of this idea, it replaces the existing Database class at runtime with a sub-class called SecureDatabase, and extends the usual MediaWiki page protection mechanism to allow restriction of the read action. See mediawiki.org for installation and usage information, or Extension talk:SimpleSecurity.php for technical details.