On Donnerstag, 17. Januar 2008, Asheesh Laroia wrote: > On Fri, 26 Oct 2007, [EMAIL PROTECTED] wrote: > > Although I also wished there would be an easy solution to let only > > specific user groups view certain parts of a page there doesn't seem to > > exist an extention or other solution which addresses all the related > > problems according to > > http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensio > >ns > > http://www.mediawiki.org/wiki/Category:Page_specific_user_rights_extensio > >ns > > I will give those a more careful read through. In general, I accept that > it may not be perfect; at least attacks based on the above problems can be > detected in our Apache logs. > > > Even if there would be a way to hide certain SMW properties in the > > factbox (as its easy to hide them on the page itself) I don't see a > > straightforward method to hide these data in the page source when the > > page is edited. Hidding all factboxes via $smwgShowFactbox and > > restricting editing to admins on those pages doesn't seem very > > desirable. > > For my case, I modified the Factbox to not show attributes with "secret_" > as a substring of their name, and I'm planning on restricting edits and > even view-source for those pages. > > It's not a whole lot of pages, just people's user pages with their > personal information (the idea is that the site admins want to use this to > e.g. send things to the users in the mail, and want to use SMW queries to > pick out who to send things to, but the users may not be comfortable > publishing that publicly) - so restricting edits on those pages is no > problem for us. > > Thanks to all who contributed to this thread; maybe in another three > months I'll report back.
Thanks, but I have doubts that there is an easy way for hiding SMW-content selectively! Note that property values can also be retrieved by queries (inlines in #ask or via Special:Ask), through browsing specials (Special:Browse, ...), or via OWL/RDF (Special:ExportRDF). Hiding "secret_..." in Factboxes is a very weak measure. The first other thing one could do is to include a simliar check in all functions of SMW_SQLStore.php that deal with properties! Even that might leave holes though, and my official answer would be: do to not use MediaWiki/SMW for selectively publishing sensitive data! Regards, Markus > > -- Asheesh. -- Markus Krötzsch Institut AIFB, Universät Karlsruhe (TH), 76128 Karlsruhe phone +49 (0)721 608 7362 fax +49 (0)721 608 5998 [EMAIL PROTECTED] www http://korrekt.org
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Semediawiki-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/semediawiki-devel
