Permission to only access certain articles for users?

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Permission to only access certain articles for users?

Markus Fischer-5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

we're using MediaWiki for our corporate intranet documentation and
sometimes have outside workers which should not be granted access to the
complete wiki because it may contain all kind of sensitive information.

Is there *some* way implemented to restrict access for groups of users
to documentes? Like only accessing documents in a certain namespace or
from within a certain category?

thanks
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFErkOo1nS0RcInK9ARAiXeAJ4oM7Y0EmkHdDfvJoS9Ln3pYzCdxwCg4nRi
EdD25tQRy0nv/HDqj88lR9k=
=mU6J
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Permission to only access certain articles for users?

COURTAUD Didier
Hi

Just look at : http://meta.wikimedia.org/wiki/Hidden_pages

DC

On Fri, Jul 07, 2006 at 01:21:12PM +0200, Markus Fischer wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> we're using MediaWiki for our corporate intranet documentation and
> sometimes have outside workers which should not be granted access to the
> complete wiki because it may contain all kind of sensitive information.
>
> Is there *some* way implemented to restrict access for groups of users
> to documentes? Like only accessing documents in a certain namespace or
> from within a certain category?
>
> thanks
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFErkOo1nS0RcInK9ARAiXeAJ4oM7Y0EmkHdDfvJoS9Ln3pYzCdxwCg4nRi
> EdD25tQRy0nv/HDqj88lR9k=
> =mU6J
> -----END PGP SIGNATURE-----
> _______________________________________________
> MediaWiki-l mailing list
> [hidden email]
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Permission to only access certain articles for users?

Mike M-16
In reply to this post by Markus Fischer-5
On 7/7/2006 at 1:21 PM Markus Fischer wrote:
|we're using MediaWiki for our corporate intranet documentation and
|sometimes have outside workers which should not be granted access to
the
|complete wiki because it may contain all kind of sensitive
information.
|
|Is there *some* way implemented to restrict access for groups of users
|to documentes? Like only accessing documents in a certain namespace or
|from within a certain category?
 =============


Unfortunately, you are using the wiki for a task it was not designed to
do.  The wiki was designed as an open information system, everything is
public.  Indeed, the "wiki philosophy" often states the 'everything is
public' mantra.  As a result, the patches to allow for any manner of
restricted access are at best a kludge, at worst an ongoing maintenance
problem.  

Because of the "everything is public" mantra, I doubt if there will
ever be a reliable, robust, secure and maintained solution to the
problem you pose.  

My solution was to set up a second wiki behind apache's
authorization/authentication model, so that only the people who need to
see the pages of that wiki were able to access it.




_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Permission to only access certain articles for users?

Alexis Moinet
In reply to this post by Markus Fischer-5
Markus Fischer a écrit :
> Is there *some* way implemented to restrict access for groups of users
> to documentes? Like only accessing documents in a certain namespace or
> from within a certain category?

Does this help : http://meta.wikimedia.org/wiki/Page_access_restriction_with_MediaWiki ?

_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Permission to only access certain articles for users?

Rob Church
In reply to this post by Markus Fischer-5
On 07/07/06, Markus Fischer <[hidden email]> wrote:
> Is there *some* way implemented to restrict access for groups of users
> to documentes? Like only accessing documents in a certain namespace or
> from within a certain category?

Run now and install a proper document management system. And my
strongest advice is to IGNORE any post pointing you at any third party
hack to the software which promises to add this; as far as I know,
*all* such hacks presently don't patch enough to completely block
access to restricted content.


Rob Church
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Permission to only access certain articles for users?

Bugzilla from sy1234@gmail.com
On 7/7/06, Rob Church <[hidden email]> wrote:

> On 07/07/06, Markus Fischer <[hidden email]> wrote:
> > Is there *some* way implemented to restrict access for groups of users
> > to documentes? Like only accessing documents in a certain namespace or
> > from within a certain category?
>
> Run now and install a proper document management system. And my
> strongest advice is to IGNORE any post pointing you at any third party
> hack to the software which promises to add this; as far as I know,
> *all* such hacks presently don't patch enough to completely block
> access to restricted content.

I second that.  The only proper way for me has been to maintain a
small wiki farm of multiple installations, where the different
installations have different users, don't allow signup and block
anonymous views.

For actual security, we have PGP-encrypted blocks of text.  Yeah, not
exactly wiki.. but useful for managing certain docs in an "easy
enough" way.

I still theorize some kind of wacky apache security measure which has
security restrictions overtop of sub-items.  Something like:

[[normal]]
[[normal/protected]]

Pipe dream, I know.  =)
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Permission to only access certain articles for users?

Gregory Szorc-2
In reply to this post by Rob Church
On 7/7/06, Rob Church <[hidden email]> wrote:

>
> On 07/07/06, Markus Fischer <[hidden email]> wrote:
> > Is there *some* way implemented to restrict access for groups of users
> > to documentes? Like only accessing documents in a certain namespace or
> > from within a certain category?
>
> Run now and install a proper document management system. And my
> strongest advice is to IGNORE any post pointing you at any third party
> hack to the software which promises to add this; as far as I know,
> *all* such hacks presently don't patch enough to completely block
> access to restricted content.



If only the UserCan hook was called more and more.  I would love a global
variable like $wgInsanePermissions that, when activated, would have Article
and Title constructors, etc call UserCan for ($wgUser).
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Permission to only access certain articles for users?

Rob Church
On 08/07/06, Gregory Szorc <[hidden email]> wrote:
> If only the UserCan hook was called more and more.  I would love a global
> variable like $wgInsanePermissions that, when activated, would have Article
> and Title constructors, etc call UserCan for ($wgUser).

It wouldn't help, though, because MediaWiki is built around being able
to access the content via hundreds of different methods...hence the
reason all these hacks don't work 100%.


Rob Church
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Permission to only access certain articles for users?

Markus Fischer-5
In reply to this post by Markus Fischer-5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks for all the feedback. I appriciate all emails I received,
especially the ones remining me that "that's not the wiki way" which I
also think is right.

Since I'm not a fan of patches (have to reapply after updates, not
something I want to spend time to), I'll probably go with another
approach: have a special Category in the 'intranet' wiki and only pages
in those Category will be replicated to another mediawiki installation
in the 'extranet' where users have to rights to edit ages, only view
them after auth.

I think that's the currently one of the best approaches, that way I
don't have to fear that users might find a hole in one of the pages if
just the content they're allowed to see is in their 'extranet' installation.

- - Markus

Markus Fischer wrote:

> Hi,
>
> we're using MediaWiki for our corporate intranet documentation and
> sometimes have outside workers which should not be granted access to the
> complete wiki because it may contain all kind of sensitive information.
>
> Is there *some* way implemented to restrict access for groups of users
> to documentes? Like only accessing documents in a certain namespace or
> from within a certain category?
>
> thanks
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEsTZf1nS0RcInK9ARAuLzAJ0Tod2dwb1mZ2+5IY02i3eEegF4lwCg16za
Gfxbyo5IxL5eoHS9MuSL4i0=
=HR3z
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l