Honestly, at that point, you'd probably be better setting up some sort
of proxy thing, where non-logged in users view some sort of proxy that
only proxies the page view (not allowing any url parameters through or
viewing any special pages), and logged in users actually deal with MW.
The biggest thing you missed is probably ?action=raw .
Special:Expandtemplates is also another vector (via {{msgnw:page name
here}}). I assume you've also disabled the api.
There's probably a lot of others. MediaWiki is not designed to hide
the wikitext source of pages.
--
Brian
On Wed, Jan 10, 2018 at 7:01 AM, Drium Yrvak <[email protected]> wrote:
> Hi all!
>
> I'm helping set up a Mediawiki for a site. Unfortunately, it's in a fairly
> drama-filled environment, where plagiarism is so common as to make us feel
> that we'd like to protect how we did certain things. Our wiki uses a lot of
> SQL integration and took a while to set up, and other wikis in the hobby
> don't use SQL a lot. To make a long story short, we want to prevent those
> competing sites from just copypasting our SQL code and reverse-engineering
> how we did things from that. If they want to figure it out on their own
> they certainly can, but we don't want people to just take our code.
>
> Luckily, by virtue of how the site is handled, the wiki doesn't allow
> anyone but the administrators to make or edit pages. That means we disabled
> account creation, and to protect certain pages (like history and view
> source) using the Lockdown extension, we simply restricted their access to
> the Users group.
>
> Sadly, it's still possible to catch the wiki code of our pages using the
> Diff parameter, and no doubt few other pages. We disabled Special:Export
> and Special:Compare, for example. But using any page that lists edits, like
> Recent Changes, people can just compare two old versions of a page and see
> the raw wiki code.
>
> How would one go about preventing access to the Diff parameter unless
> they're a User? Are there other ways to grab the raw wiki source code we
> should know about?
>
> I know this is against Mediawiki's usual open source policy. I apologize!
> But if you could still help it'd be greatly appreciated.
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
