On Tue, Aug 17, 2010 at 11:47 AM, David Gerard <[email protected]> wrote: > On 17 August 2010 17:54, Graham <[email protected]> wrote: > >> So I guess there isn't any possibility to have a group of users assigned >> to a Namespace, and the other users status quo. >> The owner of the wiki doesn't want another one to administer, so that's >> why I am trying to be one hundred percent clear. The owner indicated >> that the main Namespace being open isn't an issue. However, being able >> to assign a few users to one Namespace, and having the remainder of >> users functioning as usual is required. >> Just want to be clear. > > > There are extensions that let you do this sort of thing to some > degree, but they're not part of the main MediaWiki code and are not > likely to be. > > The trouble is that even if you restrict users to a namespace or from > a namespace, evidence of the namespace will leak to public visibility > - content, special pages, etc. > > The only way to properly secure MediaWiki on this level would be to > put restricting code into every function of this rather large and > complicated piece of software ... > > Here's a category of such extensions. I've never used any myself, but > the devs have detailed the problems with such extensions: > > http://www.mediawiki.org/wiki/Category:Page_specific_user_rights_extensions > > Speaking as an intranet system administrator, I'd never try to do this > - if someone wants a secure wiki they get a separaste instance, if > they want page-level security inside a single wiki then MediaWiki is > likely not the right tool. > > - d.
The CIA generated code to add rigorous security classification levels to MediaWiki would be useful to see; I tend to agree with David that MediaWiki (even with available extensions) isn't a good tool for this job. I think that the code was kept private, though. The problem with other Wiki software that's better at security is that it's as a rule much more lousy Wiki software. The Wikimedia Foundation per se doesn't have incentive or a goal to rebuild MediaWiki as something in which real security is a design goal right now. Which is somewhat unfortunate, as some commercial and organizational users could use that. The CIA did, but we didn't get the code. I think that the world and industry as a whole are somewhat harmed by the situation; adoption rate of intranet Wikis is somewhat slow in many environments, because they're using more lousy Wiki platforms. -- -george william herbert [email protected] _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
