On Thu, Feb 28, 2008 at 7:46 AM, Virgil Ierubino
<virgil.ierubino(a)gmail.com> wrote:
> Does anyone know how well this extension works? Has anyone used it?
>
> It claims to be able to restrict access to all pages except those on a
> whitelist, FOR EACH INDIVIDUAL USER. The last part there, of course, being
> the bit that makes me suspicious. The documentation on Meta mentions no
> holes, workarounds, or flaws of any kind. Does this extension do what it
> says on the tin?

See <http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions>.
It should be perfectly secure as long as the restrictions are kept
sufficiently stringent. MediaWiki fully supports setups where certain
groups can only, for instance, view the Main Page and
Special:Userlogin. You don't need an extension for this. If you're
allowing edit access, or allow access to things like special pages,
category pages, etc., I would not trust MediaWiki to do the job
effectively, with or without any extensions.
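
The locked-down setup this reply describes, sketched as a LocalSettings.php fragment. This is an added example, not part of the original message; the `trusted` group name is hypothetical, and the whitelist uses the page titles as the message spells them.

```php
// LocalSettings.php fragment (added example; append to an existing file).

// Group rights are additive: an account gets every right granted to any
// group it belongs to. To restrict a class of users, 'read' and 'edit'
// therefore have to be withheld from '*' (everyone, including anonymous
// visitors) and from 'user' (every logged-in account).
$wgGroupPermissions['*']['read']          = false;
$wgGroupPermissions['*']['edit']          = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['user']['read']       = false;
$wgGroupPermissions['user']['edit']       = false;

// Pages that stay viewable without the 'read' right. The login page must
// be listed or nobody can authenticate. Current MediaWiki releases write
// the title as Special:UserLogin.
$wgWhitelistRead = [ 'Main Page', 'Special:Userlogin' ];

// Hypothetical group for accounts that should see and edit the whole wiki.
// Granting 'edit' here is safe only because the restricted groups above
// have neither 'read' nor 'edit'.
$wgGroupPermissions['trusted']['read'] = true;
$wgGroupPermissions['trusted']['edit'] = true;
```

Accounts are placed in `trusted` by a bureaucrat through Special:UserRights; everyone else sees only the two whitelisted pages.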