https://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions comes to mind here.
You might try to hack something up by blacklisting certain API modules with ApiCheckCanExecute and the like, but such things aren't really supported. $wgDisableAPI itself probably doesn't make much sense anymore and may eventually be removed. On Mon, Jan 9, 2017 at 12:35 PM, Daniel Barrett <[email protected]> wrote: > Max Semenik <[email protected]> asks: > >Why are you disabling the API in the first place? Maybe, there's a better > solution? > > I am creating a wiki (for a specialized project) that lets anonymous users > read articles, but that is all they can do. They cannot log in, cannot view > article history, cannot view Special Pages, or use any other wiki features. > Basically, it's a wiki for a few writers and thousands of anonymous > readers. MediaWiki is a great platform because the articles are highly > interlinked like an encyclopedia. > > Unfortunately, when the API is enabled, anybody can still access all the > hidden information (article history, etc.). That's why I want to block the > API. But then I kill search suggestions. :-) > > I'm grateful for any advice you may have. Thank you. > DanB > > _______________________________________________ > Mediawiki-api mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/mediawiki-api > -- Brad Jorsch (Anomie) Senior Software Engineer Wikimedia Foundation
_______________________________________________ Mediawiki-api mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
