----- Original Message ----
> From: SoloPianoDC.com <[email protected]>
> Subject: [mwlib] Re: Cannot render namespaces > 100
>
> "Thanks for helping us" - please do not use this tone. This extension
> is required; I do not have a development system and this wiki is
> installed in a corporate environment. I am simply not allowed to
> remove this extension. I have been unable to get a local renderer
> working so I am still pointed at the public renderer. I feel helpless
> here.
Without wishing to be rude, you get this software, and all the effort to
support it for free. No-one is obliged to do anything to get your particular
configuration working, especially if you won't provide any effort to help do
so. If you want someone to be responsible for making your system work, _employ_
a system administrator.
The fact that you can't be bothered to put together a development system to
test things on before deploying them to your public server is your own problem,
and not anyone here's. The lockdown extension is not one that is widely used on
public sites, is of beta status, and has a large security warning on it.
Therefore testing compatibility between it and the Collection extension is not
a priority for anyone. If this was commercial software, then you would just be
told that you have an unsupported configuration and will get no support until
you remove the extension. As it's not, we are willing to look at specific
issues even if no-one else is likely to use them, provided that the reporter
will contribute some effort in testing possible causes and the like. If you
expect a solution worked out by us and served to you on a plate, then you won't
get it, from almost any open source project that has to rely on volunteer
effort.
> ===========================
> | The Lockdown extension implements a way to restrict access to
> specific
> | namespaces and special pages to a given set of user groups. This
> | provides a more fine grained security model than the one provided by
> the
> | default $wgGroupPermissions and $wgNamespaceProtection settings.
>
> I'm not quite sure but judging from that description it looks like
> your
> issues might be caused by this extension.
>
> > Are the pages "viewed" with a different user when the book is created?
> different from what?
> ===========================
>
> When I log in to the wiki, I have permissions to all pages. When I
> render a page, is there another user account that is being used to do
> the rendering? What I'm saying is, if I have access to a page, why
> wouldn't the renderer generate that page?
Because the render server, running on a completely different host, different IP
address and without any access control cookies, has to download the pages you
have asked for. The render server doesn't have access to your username and
password (think what a security hole that would be), so it can't access the
pages as you. It also doesn't read the pages in rendered form like you do, but
via the mediawiki API, which may or may not be affected in the same way by the
lockdown extension.
> Doesn't it just use the login of the person signed-in? If not, what
> values should I put there? Should I really hard-code a password?
You should hard-code the user name and password of a dummy account which has
read but not edit access to all the relevant pages (including templates and
images), so that when the render server needs to download content from the wiki
it can do so. This is covered in the README file for the Collection extension.
This password will be sent in clear text between the wiki server and the render
server, so as it says, this is not a good option to use for security-critical
applications. In those cases it is better to have a local render server that
does not require log-in to the wiki server to read pages (because it's (fixed)
IP address is recognised as OK by the wiki server, it is within the local
network, etc), or to run the whole lot over SSL (see notes in the README if you
have to use a self-signed SSL certificate).
Richard Ash
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"mwlib" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/mwlib?hl=en
-~----------~----~----~----~------~----~------~--~---
