Changes

Test Web Server Documentation (view source)

Revision as of 17:36, 22 January 2016

461 bytes added , 17:36, 22 January 2016

no edit summary

The thing is, IntraACL has its own system of groups. So we can either focus entirely on IntraACL groups or try to apply broad changes with Mediawiki groups and LocalSettings.php $wgGroupPermissions. I think we should try going with IntraACL's groups...

== Finding Holes in IntraACL (1/22/16) ==

Going through the issues on [https://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions this Mediawiki page]

* Inclusion/Transclusion

* Preloading

* XML Export (Special:Export)

* Atom/RSS Feeds

* Listings & Search

Pages that can't be read still have their titles show up in search auto-complete, but not in search results. Can disable search-box autocomplete, as shown on [https://www.mediawiki.org/wiki/Manual:Enabling_autocomplete_in_search_box this Mediawiki page]

* Diff & Revision Links

* API

* Action Links

* Related Rights

* Author Backdoor

* Caching

* Files & Images

* Redirects

* Edit Section

* Watching Pages

* Other Extensions

Anonymous user

imported>Alex

Changes

Test Web Server Documentation (view source)

Revision as of 17:36, 22 January 2016

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Sites

Sections

Organizations

Help

Tools