I guess that one option for you will be to hire somebody or some company for developing Lockdown further so that they can cover all the holes from which the information can bet got. HalloWelt itself is a perfect candidate and we also have a lot more developers available [1]. Probably you will also want to hire different contractor that will try to steal the data from the modified extension.
Of course, after some time the extension will stop working because of ugly hacks that will definetely appear in the code. Another and more proper solution is not so fast, that is: to lobby the proper ACL support in MediaWiki core before starting development. MediaWiki is used as an enterprise wiki and the impossibility of good ACL should not be considered as not some kind of philosophy of the software (as some people claims) but as a bug that needs fixing. Still even in this case the actual development of ACL won't be done by WMF - they aren't just interested in it. But if we would have carte blanche for patching the core and not been declined because "MW is an Open System, it has not been Designed to allow ACL support", I think many parties will be interested to fund the development. [1] www.mediawiki.org/wiki/Professional_development_and_consulting ----- Yury Katkov, WikiVote On Sat, Aug 24, 2013 at 1:36 AM, Pierre Labrecque <[email protected]> wrote: > Hello, > > > > We continue to do our homeworks concerning a project we have to build a wiki > for our enterprise: 80 000 employees, but only 1000 of them could have > access to the wiki: usually in read, some people in read/write. We will need > per namespace security: some namespaces should not be read by some groups… > We don’t want to go with many tons of wikis installation… > > > > I wrote a post on another mailing list about it a couple of days ago: > http://www.gossamer-threads.com/lists/wiki/mediawiki/381274 > > I had some very good and helpful comments, but it’s after that I found > another mailing list (this one), which seems dedicated to the enterprise > usage of Mediaiwki. > > > > Here are the requierement we have: > > > > Main page > > - NamespaceA (read for departmentA only) > > - NamespaceB (read for departmentB only) > > - …. > > - NamespaceZ (read for departmentZ) > > Sometimes, someone of departmentA will need read access to NamespaceZ, etc… > > > > I would like to have some testimonials: your experiences, your > recommendations… on a specific aspect of Mediawiki: ACL !!! (recurring > topic, I believe…). > > > > I read > http://blog.blue-spice.org/2012/10/23/mediawiki-vs-confluence-not-a-question-of-features/ > and found that they use Lockdown and some other extensions around it, to > secure the wiki > > As everyone, I read > http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions > and > http://www.mediawiki.org/wiki/Category:Page_specific_user_rights_extensions > > So, I wrote to BlueSpice team to know if they believe that Lockdown is > really secure to write sensitive data in a Mediawiki wiki. Answer was > honest: no (as expected). > > > > I wrote also to the guy who founded Intelpedia (Josh Bancroft) and he > confirms that Mediawiki is the wrong tool to manage that kind of ACL and > that they use other tools for sensitive data, not their wiki… I didn’t > insist to know which other tool… I was impressed that a guy at this level > take the time to answer me, so… J > > > > Anyway, could you tell me what is the kind of setup you have on this side > (ACL) ? Certainly that some of you use in the facts an ACL extension > (Lockdown or others) ? Do you trust them ? Do you have implement some other > kind of security ? etc… Wikifarm ? etc… > > > Sincerely, I believe I have read enough on the web about the subject… now, I > need some concrete experiences, from real persons, in real enterprises,… > > > > Voilà. > > > > Thanks ! > > > > Pierre > > > _______________________________________________ > Mediawiki-enterprise mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise > _______________________________________________ Mediawiki-enterprise mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise
