Extension AccessControl – MediaWiki

• 4.1 For version tag was placed at the beginning, a potential attacker may be able to see the names of contributing users! Listings & search Unless otherwise noted, if there is any page with protected content in search results, the user is redirected away. Since extension version 2.5, searching may be allowed too. But it should be borne in mind that the displayed search results can compromise sensitive data. Therefore, do not write in your wiki sensitive information, such as passwords, that could be obtained through a fulltext search if searching through the contents of pages protected through an access control is allowed! Inclusion/transclusion, related rights, & other extensions Pages containing the tag, or including another page protected by the tag, are secure.

The tag is processed in raw wikitext before HTML conversion. Warning:

Redirects The problem with redirection was repaired in version 1.1 API & action links For each anonymous user the action class is automatically set to false, besides the view attribute for unprotected pages. Allowed actions for authorized users depend on the permissions settings of MediaWiki and the username listed in the access list pages use. Edit Section & watching pages Options are available only to registered users if they are logged in and are on the security access list. Files & images Warning: The extension AccessControl does not protect files against direct access via URL! If files cannot be publicly available, they must be protected at the server level! XML export (Special Export) : Warning: AccessControl version < 2.0, was based on a hook unprotected from MediaWiki’s side before exporting pages to raw code. Therefore, if you use AccessControl version < 2.0, you must prohibit the special page to prohibit exporting the pages from MediaWiki. Author backdoor Extension AccessControl does not have a backdoor! Caching I recommend turning off caching. See the previous paragraphs.

* John Doe * Jane Doe ( ro ) Usernames listed with "(ro)" at the end can only read the protected article, not edit it. For other groups of users, you can create another member list with the name Department in another namespace. Tips To protect the IT namespace you can use the Lockdown extension, but you can also use the tag to protect it. Step 3: Additional Access Control [ edit ]

• This extension uses a MediaWiki hook that is called whenever a search result is displayed. This means that a page that has an ACL will trigger an "Access Denied" message for end users who happen to search for text contained in a protected page. A simple solution is to put pages that require AccessControl into another namespace and then disable searching for that namespace. Although this isn’t really a bug, it is undesirable behavior. Click here for an example showing a work around.

• Version 1.1 was tested on MediaWiki version 1.16.0(b3). Works fine, except that it needed a minor change to line 358 of AccessControl.php (remove ‘&’ from parameter to function controlEditAccess() ). When viewing a page on a Linux server, the tags show. But on a Windows server, the tags don’t show and it is fine! Still haven’t figured that one out, but it is ok for my application.