Re: [Mediawiki-enterprise] Re : Re: Gathering money for MediaWiki ACL (was: How do you manage the security in your Mediawiki installation (Enterprise wiki) ?)
> OK, I just wanted to say that now we have working patches for all actual MW > versions (1.18, 1.19, 1.20 and 1.21), and the storage-rewrite branch is at > least > "beta", i.e. it works and should have no critical bugs so you're welcome to > test it :) also I plan to translate the existing russian documentation page to > english soon. But even without it, simple use cases should be very easy to try > - you just need to install the extension, apply the patch, and try to protect > some pages by clicking "ACL" tab that will appear between "Article" and > "Talk" and then clicking "Create with editor" :) and you're welcome to ask me > here if you have any questions. Thanks Vitaliy !!! Very happy !!! I will wait for the translation to have examples and concepts... I want to use security per namespace, not per page in our case... Cheers ! -- pierre ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
[Mediawiki-enterprise] Re : Re: Gathering money for MediaWiki ACL (was: How do you manage the security in your Mediawiki installation (Enterprise wiki) ?)
Hello To be honnest I choosed Lockdown as I didnt find enough documentation and examples on IntraACL for now our project is still in test... so no problem to continue to test IntraACL... Cheers --- Message initial --- De : vita...@yourcmc.ru Envoyé : 15 octobre 2013 17:02 A : mediawiki-enterprise@lists.wikimedia.org Objet : Re: [Mediawiki-enterprise] Gathering money for MediaWiki ACL (was: How do you manage the security in your Mediawiki installation (Enterprise wiki) ?) Hi Pierre, by the way, what was your experience with IntraACL? :) ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
Re: [Mediawiki-enterprise] Gathering money for MediaWiki ACL (was: How do you manage the security in your Mediawiki installation (Enterprise wiki) ?)
Hello, I would like to know if there are some news on point 0 and 1 (see below: proposal of how ACL should work / including ACL into Roadmap). This is just for my info... Thanks ! -- pierre -Original Message- From: mediawiki-enterprise-boun...@lists.wikimedia.org [mailto:mediawiki-enterprise-boun...@lists.wikimedia.org] On Behalf Of Mark A. Hershberger Sent: Saturday, August 24, 2013 1:20 PM To: Yury Katkov; MediaWiki for enterprises Subject: Re: [Mediawiki-enterprise] Gathering money for MediaWiki ACL (was: How do you manage the security in your Mediawiki installation (Enterprise wiki) ?) On 08/24/2013 06:42 AM, Yury Katkov wrote: > 0) Writing a good proposal of how ACL should work. Will it be based on > namespaces? or maybe categories (although it's hard to imagine)? or > maybe per-page access? I can help to describe this vision document. > 1) coordination with WMF and including ACL into Roadmap. First we need > to be sure that the possible patches to the core: > - will not be rejected just because of philosofy of openness > - will not be removed after several versions I've got no ideas how > that can be done. Probably via RFC with signatures of interested > companies. ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
Well. I don't know too ! :-) I didn't find it and opened all files from the extension... Anyway: I deleted my VM and restore it (from a backup just before installing IntraACL),redid the install procedure and that time, no errors in Apache error log. Can't understand why as I did the very same procedure (copy/paste). Also, that time, I have an ACL tab in each page (I didn't had it in my first try, didn't know it exists...)... I really don't understand... I have done exactly the same thing... Here is the complete procedure I do: 1- edit LocalSettings.php and add these 2 lines: require_once("$IP/extensions/IntraACL/includes/HACL_Initialize.php"); enableIntraACL(); 2- I restart Apache (I thinks it's better as maybe LocalSettings.php is in the cache...?): service apache2 restart 3- I run these commands and none of them give error: cd /var/www/sites/mediawiki001 patch -p1 < extensions/IntraACL/patches/IntraACL-MediaWiki-1.21.1.diff php maintenance/update.php 4- restart Apache again... I browsed a lot in the site and Apache error log is perfect. The only error I have actually is: [Sun Aug 25 14:22:16 2013] [error] [client 192.168.0.100] File does not exist: /var/www/sites/mediawiki001/skins/common/edit.js, referer: http://SERVERNAME/sites/mediawiki001/index.php?title=Special:MultipleUpload Which doesn't concern IntraACL !!! (and MultipleUpload is probably not fully compatible with MW 1.21.x, so...) I browsed the site and nothing else appear in the error.log... Cheers ! -Original Message- From: Mark A. Hershberger [mailto:m...@nichework.com] Sent: Sunday, August 25, 2013 1:40 PM To: MediaWiki for enterprises Cc: Pierre Labrecque Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ? On 08/24/2013 04:12 PM, Pierre Labrecque wrote: > Now able to get the login page, but as soon I try to access something else, I > get an Error 500: > Apache error log give: > [Sat Aug 24 16:02:45 2013] [error] [client 192.168.0.100] PHP Parse > error: syntax error, unexpected T_OBJECT_OPERATOR in > /var/www/sites/mediawiki001/extensions/IntraACL/includes/HACL_ParserFu > nctions.php on line 1365, referer: http:// servername > /sites/mediawiki001/index.php?title=Special:UserLogin I can't T_OBJECT_OPERATOR anywhere in the code for IntrACL. Where do you see it in the code? -- Mark A. Hershberger NicheWork LLC 717-271-1084 ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
Hello, Wow !!! Thanks for your time !!! Installation went well that time. I didn't see errors during the patch and update.php. I notice some errors in Apache error.log: Sun Aug 25 11:21:06 2013] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.7 with Suhosin-Patch configured -- resuming normal operations [Sun Aug 25 11:22:32 2013] [error] [client 192.168.0.100] PHP Notice: Undefined variable: cluster in /var/www/sites/mediawiki001/extensions/IntraACL/includes/HACL_ACLSpecial.php on line 282, referer: http://SERVERNAME/sites/mediawiki001/index.php?title=Special:IntraACL&action=quickaccess [Sun Aug 25 11:22:32 2013] [error] [client 192.168.0.100] PHP Warning: Invalid argument supplied for foreach() in /var/www/sites/mediawiki001/extensions/IntraACL/includes/HACL_ACLSpecial.php on line 282, referer: http://SERVERNAME/sites/mediawiki001/index.php?title=Special:IntraACL&action=quickaccess [Sun Aug 25 11:22:32 2013] [error] [client 192.168.0.100] PHP Notice: Undefined index: in /var/www/sites/mediawiki001/extensions/IntraACL/includes/HACL_ACLSpecial.php on line 341, referer: http://SERVERNAME/sites/mediawiki001/index.php?title=Special:IntraACL&action=quickaccess [Sun Aug 25 11:22:32 2013] [error] [client 192.168.0.100] PHP Warning: Invalid argument supplied for foreach() in /var/www/sites/mediawiki001/extensions/IntraACL/includes/HACL_ACLSpecial.php on line 341, referer: http://SERVERNAME/sites/mediawiki001/index.php?title=Special:IntraACL&action=quickaccess [Sun Aug 25 11:22:32 2013] [error] [client 192.168.0.100] PHP Notice: Undefined variable: edges in /var/www/sites/mediawiki001/extensions/IntraACL/includes/HACL_ACLSpecial.php on line 357, referer: http://SERVERNAME/sites/mediawiki001/index.php?title=Special:IntraACL&action=quickaccess [Sun Aug 25 11:22:32 2013] [error] [client 192.168.0.100] PHP Warning: Invalid argument supplied for foreach() in /var/www/sites/mediawiki001/extensions/IntraACL/includes/HACL_ACLSpecial.php on line 357, referer: http://SERVERNAME/sites/mediawiki001/index.php?title=Special:IntraACL&action=quickaccess Also: I went to Special:IntraACL and understand that I will have to learn how it works :-) Is there a kind of "user guide" somewhere ? (in English, if possible :-), else I will try with Google Translate if in Russian...) I believe that http://wiki.4intra.net/IntraACL/ru is the user guide ??? Also: not sure, but I believe to have read somewhere that IntraACL isn't compatible with Semantic ? True ? False ? Thanks again ! Pierre -Original Message- From: mediawiki-enterprise-boun...@lists.wikimedia.org [mailto:mediawiki-enterprise-boun...@lists.wikimedia.org] On Behalf Of vita...@yourcmc.ru Sent: Sunday, August 25, 2013 10:52 AM To: MediaWiki for enterprises Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ? > [Sat Aug 24 16:02:45 2013] [error] [client 192.168.0.100] PHP Notice: > Only variable references should be returned by reference in > /var/www/sites/mediawiki001/includes/Title.php on line 343, referer: > > http://servername/sites/mediawiki001/index.php?title=Special:UserLogin Fixed, I didn't notice makeTitle is still "function &makeTitle(...)". Is & still needed here? (question to Mark or someone else) > [Sat Aug 24 16:02:45 2013] [error] [client 192.168.0.100] PHP Notice: > Undefined variable: titleObj in > /var/www/sites/mediawiki001/includes/specials/SpecialUserlogin.php on > line 1004, referer: http:// servername > /sites/mediawiki001/index.php?title=Special:UserLogin This one came from a previous patch (1.20.3). Fixed in master for both patches (1.20.3 and 1.21.1). > [Sat Aug 24 16:02:45 2013] [error] [client 192.168.0.100] PHP Notice: > Only variable references should be returned by reference in > /var/www/sites/mediawiki001/includes/Title.php on line 343, referer: > http:// servername > /sites/mediawiki001/index.php?title=Special:UserLogin Same as first. > [Sat Aug 24 16:02:45 2013] [error] [client 192.168.0.100] PHP Parse > error: syntax error, unexpected T_OBJECT_OPERATOR in > > /var/www/sites/mediawiki001/extensions/IntraACL/includes/HACL_ParserFu > nctions.php on line 1365, referer: http:// servername > /sites/mediawiki001/index.php?title=Special:UserLogin This one was an incompatibility with PHP 5.3 (it worked with 5.4+). Fixed. > FYI: > Ubuntu 12.04.2 Server (x64) > Apache/2.2.22 (Ubuntu) > PHP Version 5.3.10-1ubuntu3.7 > MySQL 5.5.29-0ubuntu0.12.04.1 x86_64 > Mediawiki 1.21.1 > > Cheers ! Please try the master version again :) ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
Now able to get the login page, but as soon I try to access something else, I get an Error 500: Apache error log give: [Sat Aug 24 16:02:45 2013] [error] [client 192.168.0.100] PHP Notice: Only variable references should be returned by reference in /var/www/sites/mediawiki001/includes/Title.php on line 343, referer: http://servername/sites/mediawiki001/index.php?title=Special:UserLogin [Sat Aug 24 16:02:45 2013] [error] [client 192.168.0.100] PHP Notice: Undefined variable: titleObj in /var/www/sites/mediawiki001/includes/specials/SpecialUserlogin.php on line 1004, referer: http:// servername /sites/mediawiki001/index.php?title=Special:UserLogin [Sat Aug 24 16:02:45 2013] [error] [client 192.168.0.100] PHP Notice: Only variable references should be returned by reference in /var/www/sites/mediawiki001/includes/Title.php on line 343, referer: http:// servername /sites/mediawiki001/index.php?title=Special:UserLogin [Sat Aug 24 16:02:45 2013] [error] [client 192.168.0.100] PHP Parse error: syntax error, unexpected T_OBJECT_OPERATOR in /var/www/sites/mediawiki001/extensions/IntraACL/includes/HACL_ParserFunctions.php on line 1365, referer: http:// servername /sites/mediawiki001/index.php?title=Special:UserLogin FYI: Ubuntu 12.04.2 Server (x64) Apache/2.2.22 (Ubuntu) PHP Version 5.3.10-1ubuntu3.7 MySQL 5.5.29-0ubuntu0.12.04.1 x86_64 Mediawiki 1.21.1 Cheers ! -Original Message- From: Mark A. Hershberger [mailto:m...@everybody.org] Sent: Saturday, August 24, 2013 3:39 PM To: MediaWiki for enterprises Cc: Pierre Labrecque Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ? On 08/24/2013 03:22 PM, Pierre Labrecque wrote: > cd /var/www/sites/mediawiki001 > patch -p1 extensions/IntraACL/patches/IntraACL-MediaWiki-1.21.1.diff > > When I press ENTER after the patch command, nothing append... it stay there > forever... > Just a cursor that doesn't blink, nothing... You are missing a character: patch -p1 < extensions/IntraACL/patches/IntraACL-MediaWiki-1.21.1.diff You see the blinking cursor and nothing else because patch is stupid and doesn't see that you've given it the patch file on the command line. It expects to read it from STDIN and that is what the "<" does. -- http://hexmode.com/ Love alone reveals the true shape of the universe. -- "Everywhere Present", Stephen Freeman ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
)(*&?)?&%(&?%$()(*%? I feel stupid... sorry about this one... Thanks ! -Original Message- From: Mark A. Hershberger [mailto:m...@everybody.org] Sent: Saturday, August 24, 2013 3:39 PM To: MediaWiki for enterprises Cc: Pierre Labrecque Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ? On 08/24/2013 03:22 PM, Pierre Labrecque wrote: > cd /var/www/sites/mediawiki001 > patch -p1 extensions/IntraACL/patches/IntraACL-MediaWiki-1.21.1.diff > > When I press ENTER after the patch command, nothing append... it stay there > forever... > Just a cursor that doesn't blink, nothing... You are missing a character: patch -p1 < extensions/IntraACL/patches/IntraACL-MediaWiki-1.21.1.diff You see the blinking cursor and nothing else because patch is stupid and doesn't see that you've given it the patch file on the command line. It expects to read it from STDIN and that is what the "<" does. -- http://hexmode.com/ Love alone reveals the true shape of the universe. -- "Everywhere Present", Stephen Freeman ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
FYI: I commented line 178 of extensions/IntraACL/includes/HACL_GlobalFunctions.php I modified LocalSettings.php (add the next 2 lines): require_once("$IP/extensions/IntraACL/includes/HACL_Initialize.php"); enableIntraACL(); Then: cd /var/www/sites/mediawiki001 patch -p1 extensions/IntraACL/patches/IntraACL-MediaWiki-1.21.1.diff When I press ENTER after the patch command, nothing append... it stay there forever... Just a cursor that doesn't blink, nothing... ?? -Original Message- From: Mark A. Hershberger [mailto:m...@nichework.com] Sent: Saturday, August 24, 2013 1:23 PM To: MediaWiki for enterprises Cc: Pierre Labrecque Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ? On 08/24/2013 12:51 PM, Pierre Labrecque wrote: > PHP Fatal error: Call to undefined function wfLoadExtensionMessages() Comment out line 178 of extensions/IntraACL/includes/HACL_GlobalFunctions.php and it should work. I'll submit a patch for the extension. -- Mark A. Hershberger NicheWork LLC 717-271-1084 ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
Maybe ??? http://www.mediawiki.org/wiki/Thread:Project:Support_desk/wfLoadExtensionMessages()_removed_from_1.21.1%3F I'm not a programmer :-) -Original Message- From: mediawiki-enterprise-boun...@lists.wikimedia.org [mailto:mediawiki-enterprise-boun...@lists.wikimedia.org] On Behalf Of Pierre Labrecque Sent: Saturday, August 24, 2013 12:51 PM To: 'MediaWiki for enterprises' Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ? Hello, Thanks for the update ! I tried with the latest in git (master) and got this error: root@euswebsrv01:/var/www/sites/mediawiki001# php maintenance/update.php ** WARNING: IntraACL security checks are disabled because ** $_SERVER[SERVER_NAME] is empty, which probably means we are in console PHP Fatal error: Call to undefined function wfLoadExtensionMessages() in /var/www/sites/mediawiki001/extensions/IntraACL/includes/HACL_GlobalFunctions.php on line 178 Idea ? Cheers ! Pierre -Original Message- From: mediawiki-enterprise-boun...@lists.wikimedia.org [mailto:mediawiki-enterprise-boun...@lists.wikimedia.org] On Behalf Of vita...@yourcmc.ru Sent: Saturday, August 24, 2013 11:35 AM To: MediaWiki for enterprises Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ? > First of all: thank you for all your comments and efforts ! I really > appreciate all of them ! When I see all this, I take confidence in the > human being... You have all my respect. > > Seems that we may have a potential solution (?) :-) > > I know that we can't close all doors... it is perhaps not prevent all > risks, but to learn how to manage the limit (can we say that in > english ???) > > I downloaded IntraACL from the "storage-rewrite" git branch to do a > test. > Under patches/ there is no IntraACL-MediaWiki-*.diff for our Mediawiki > version: 1.21.1 Anyway, I have done a backup of our dev virtual > machine and then try to to apply IntraACL-MediaWiki-1.20.3.diff to our > 1.21.1 installation (just to try and guess): of course I got some > errors on lines ... > > Question: is there a IntraACL-MediaWiki-xxx.diff for 1.21.1 somewhere > ? Else, do you suggest to install 1.20.3 (or 1.20.6) instead of the > latest MV version ? (because there is an available diff for > 1.20.3...) > > Again: thanks you all I'm sure storage-rewrite still has bugs, so I think you should better take master by now. Rewritten version will be totally compatible with current one (the update will be as easy as just running maintenance/update.php). I've updated the patch for 1.21.1 - it's not so hard, but I didn't test the result yet :-)) you can pull from master and try it out :) ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
Hello, Thanks for the update ! I tried with the latest in git (master) and got this error: root@euswebsrv01:/var/www/sites/mediawiki001# php maintenance/update.php ** WARNING: IntraACL security checks are disabled because ** $_SERVER[SERVER_NAME] is empty, which probably means we are in console PHP Fatal error: Call to undefined function wfLoadExtensionMessages() in /var/www/sites/mediawiki001/extensions/IntraACL/includes/HACL_GlobalFunctions.php on line 178 Idea ? Cheers ! Pierre -Original Message- From: mediawiki-enterprise-boun...@lists.wikimedia.org [mailto:mediawiki-enterprise-boun...@lists.wikimedia.org] On Behalf Of vita...@yourcmc.ru Sent: Saturday, August 24, 2013 11:35 AM To: MediaWiki for enterprises Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ? > First of all: thank you for all your comments and efforts ! I really > appreciate all of them ! When I see all this, I take confidence in the > human being... You have all my respect. > > Seems that we may have a potential solution (?) :-) > > I know that we can't close all doors... it is perhaps not prevent all > risks, but to learn how to manage the limit (can we say that in > english ???) > > I downloaded IntraACL from the "storage-rewrite" git branch to do a > test. > Under patches/ there is no IntraACL-MediaWiki-*.diff for our Mediawiki > version: 1.21.1 Anyway, I have done a backup of our dev virtual > machine and then try to to apply IntraACL-MediaWiki-1.20.3.diff to our > 1.21.1 installation (just to try and guess): of course I got some > errors on lines ... > > Question: is there a IntraACL-MediaWiki-xxx.diff for 1.21.1 somewhere > ? Else, do you suggest to install 1.20.3 (or 1.20.6) instead of the > latest MV version ? (because there is an available diff for > 1.20.3...) > > Again: thanks you all I'm sure storage-rewrite still has bugs, so I think you should better take master by now. Rewritten version will be totally compatible with current one (the update will be as easy as just running maintenance/update.php). I've updated the patch for 1.21.1 - it's not so hard, but I didn't test the result yet :-)) you can pull from master and try it out :) ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
Hello ! I tried and got this error: -Original Message- From: mediawiki-enterprise-boun...@lists.wikimedia.org [mailto:mediawiki-enterprise-boun...@lists.wikimedia.org] On Behalf Of vita...@yourcmc.ru Sent: Saturday, August 24, 2013 11:35 AM To: MediaWiki for enterprises Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ? > First of all: thank you for all your comments and efforts ! I really > appreciate all of them ! When I see all this, I take confidence in the > human being... You have all my respect. > > Seems that we may have a potential solution (?) :-) > > I know that we can't close all doors... it is perhaps not prevent all > risks, but to learn how to manage the limit (can we say that in > english ???) > > I downloaded IntraACL from the "storage-rewrite" git branch to do a > test. > Under patches/ there is no IntraACL-MediaWiki-*.diff for our Mediawiki > version: 1.21.1 Anyway, I have done a backup of our dev virtual > machine and then try to to apply IntraACL-MediaWiki-1.20.3.diff to our > 1.21.1 installation (just to try and guess): of course I got some > errors on lines ... > > Question: is there a IntraACL-MediaWiki-xxx.diff for 1.21.1 somewhere > ? Else, do you suggest to install 1.20.3 (or 1.20.6) instead of the > latest MV version ? (because there is an available diff for > 1.20.3...) > > Again: thanks you all I'm sure storage-rewrite still has bugs, so I think you should better take master by now. Rewritten version will be totally compatible with current one (the update will be as easy as just running maintenance/update.php). I've updated the patch for 1.21.1 - it's not so hard, but I didn't test the result yet :-)) you can pull from master and try it out :) ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
Good morning from Canada, First of all: thank you for all your comments and efforts ! I really appreciate all of them ! When I see all this, I take confidence in the human being... You have all my respect. Seems that we may have a potential solution (?) :-) I know that we can't close all doors... it is perhaps not prevent all risks, but to learn how to manage the limit (can we say that in english ???) I downloaded IntraACL from the "storage-rewrite" git branch to do a test. Under patches/ there is no IntraACL-MediaWiki-*.diff for our Mediawiki version: 1.21.1 Anyway, I have done a backup of our dev virtual machine and then try to to apply IntraACL-MediaWiki-1.20.3.diff to our 1.21.1 installation (just to try and guess): of course I got some errors on lines ... Question: is there a IntraACL-MediaWiki-xxx.diff for 1.21.1 somewhere ? Else, do you suggest to install 1.20.3 (or 1.20.6) instead of the latest MV version ? (because there is an available diff for 1.20.3...) Again: thanks you all Pierre -Original Message- From: mediawiki-enterprise-boun...@lists.wikimedia.org [mailto:mediawiki-enterprise-boun...@lists.wikimedia.org] On Behalf Of vita...@yourcmc.ru Sent: Saturday, August 24, 2013 6:03 AM To: mediawiki-enterprise@lists.wikimedia.org Subject: Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ? Hi all! About ACLs - do you know about our "IntraACL" extension? (based on earlier one "HaloACL" by ontoprise company) https://github.com/mediawiki4intranet/IntraACL/ It has full protection of pages for reading via core patches, in listings and etc; ACLs can be configured on a page, category or namespace basis. "Stable" version consists of a totally rewritten UI and a modified HaloACL backend (though not so heavily modified). Now we use it on our corporate wikis. But just like the UI was, HaloACL backend is also designed very poorly (it's slow and it's written too verbosely), so now I'm doing a total rewrite of it - it's in the "storage-rewrite" git branch. It's almost ready, I should just test it and add some additional maintenance features. Automated tests are also in development now. Of course the extension isn't perfect - there are some ideological problems, for example some combinations of page/category/namespace rights are not always obvious for users (and there are 3 override modes); page/category/namespace ACLs are a mess if you want to really restrict editing of ACLs themselves; also, now there is a hardcode - "sysop" and "bureaucrat" MW groups are always super-users. But assuming you have no people that want to _really_ abuse your right system - which is usually a correct assumption in corporate environment - the extension is good enough for everyday use. So! :) Everyone is welcome to test it and tell us about good ideas if you have some :) (my main question which I can't really solve by myself is - what right system would be really convenient to use in MediaWiki's flat page structure with categories?) -- With best regards, Vitaliy Filippov ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
Re: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
Open System, it has not been Designed to allow ACL support", I think many parties will be interested to fund the development. [1] www.mediawiki.org/wiki/Professional_development_and_consulting - Yury Katkov, WikiVote On Sat, Aug 24, 2013 at 1:36 AM, Pierre Labrecque wrote: > Hello, > > > > We continue to do our homeworks concerning a project we have to build > a wiki for our enterprise: 80 000 employees, but only 1000 of them > could have access to the wiki: usually in read, some people in > read/write. We will need per namespace security: some namespaces > should not be read by some groups… We don’t want to go with many tons > of wikis installation… > > > > I wrote a post on another mailing list about it a couple of days ago: > http://www.gossamer-threads.com/lists/wiki/mediawiki/381274 > > I had some very good and helpful comments, but it’s after that I found > another mailing list (this one), which seems dedicated to the > enterprise usage of Mediaiwki. > > > > Here are the requierement we have: > > > > Main page > > - NamespaceA (read for departmentA only) > > - NamespaceB (read for departmentB only) > > - …. > > - NamespaceZ (read for departmentZ) > > Sometimes, someone of departmentA will need read access to NamespaceZ, > etc… > > > > I would like to have some testimonials: your experiences, your > recommendations… on a specific aspect of Mediawiki: ACL !!! (recurring > topic, I believe…). > > > > I read > http://blog.blue-spice.org/2012/10/23/mediawiki-vs-confluence-not-a-qu > estion-of-features/ and found that they use Lockdown and some other > extensions around it, to secure the wiki > > As everyone, I read > http://www.mediawiki.org/wiki/Security_issues_with_authorization_exten > sions > and > http://www.mediawiki.org/wiki/Category:Page_specific_user_rights_exten > sions > > So, I wrote to BlueSpice team to know if they believe that Lockdown is > really secure to write sensitive data in a Mediawiki wiki. Answer was > honest: no (as expected). > > > > I wrote also to the guy who founded Intelpedia (Josh Bancroft) and he > confirms that Mediawiki is the wrong tool to manage that kind of ACL > and that they use other tools for sensitive data, not their wiki… I > didn’t insist to know which other tool… I was impressed that a guy at > this level take the time to answer me, so… J > > > > Anyway, could you tell me what is the kind of setup you have on this > side > (ACL) ? Certainly that some of you use in the facts an ACL extension > (Lockdown or others) ? Do you trust them ? Do you have implement some > other kind of security ? etc… Wikifarm ? etc… > > > Sincerely, I believe I have read enough on the web about the subject… > now, I need some concrete experiences, from real persons, in real > enterprises,… > > > > Voilà. > > > > Thanks ! > > > > Pierre > > > ___ > Mediawiki-enterprise mailing list > Mediawiki-enterprise@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise > ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
[Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?
Hello, We continue to do our homeworks concerning a project we have to build a wiki for our enterprise: 80 000 employees, but only 1000 of them could have access to the wiki: usually in read, some people in read/write. We will need per namespace security: some namespaces should not be read by some groups We dont want to go with many tons of wikis installation I wrote a post on another mailing list about it a couple of days ago: http://www.gossamer-threads.com/lists/wiki/mediawiki/381274 I had some very good and helpful comments, but its after that I found another mailing list (this one), which seems dedicated to the enterprise usage of Mediaiwki. Here are the requierement we have: Main page - NamespaceA (read for departmentA only) - NamespaceB (read for departmentB only) - . - NamespaceZ (read for departmentZ) Sometimes, someone of departmentA will need read access to NamespaceZ, etc I would like to have some testimonials: your experiences, your recommendations on a specific aspect of Mediawiki: ACL !!! (recurring topic, I believe ). I read http://blog.blue-spice.org/2012/10/23/mediawiki-vs-confluence-not-a-question -of-features/ and found that they use Lockdown and some other extensions around it, to secure the wiki As everyone, I read http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions and http://www.mediawiki.org/wiki/Category:Page_specific_user_rights_extensions So, I wrote to BlueSpice team to know if they believe that Lockdown is really secure to write sensitive data in a Mediawiki wiki. Answer was honest: no (as expected). I wrote also to the guy who founded Intelpedia (Josh Bancroft) and he confirms that Mediawiki is the wrong tool to manage that kind of ACL and that they use other tools for sensitive data, not their wiki I didnt insist to know which other tool I was impressed that a guy at this level take the time to answer me, so J Anyway, could you tell me what is the kind of setup you have on this side (ACL) ? Certainly that some of you use in the facts an ACL extension (Lockdown or others) ? Do you trust them ? Do you have implement some other kind of security ? etc Wikifarm ? etc Sincerely, I believe I have read enough on the web about the subject now, I need some concrete experiences, from real persons, in real enterprises, Voilà. Thanks ! Pierre ___ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise