Category:Page specific user rights extensions

From MediaWiki.org
Jump to: navigation, search
Language: English  • Deutsch • italiano • 日本語 • русский

The Page specific user rights extensions category contains various extensions that attempt to restrict a user's access to specific pages based on the namespace, category links, and/or title patterns. Before installing one of these extensions, users should be aware that such extensions are likely to exhibit three significant problems:

  • caching problems: MediaWiki's page caching facilities do not currently support rights-specific caching. That means MediaWiki caches one versions of a page and then serves that page to everyone without rechecking to see if the next user has the proper rights. Any extension that tries to exclude or hide part of a page based on user rights is likely to result in performance declines (if caching is turned off) and/or security leaks when a page cached for a user with higher rights is later viewed by a user with lesser rights.
  • multiple exit paths: Page content has many exit paths in MediaWiki: direct page views, excerpts inserted into search results, special pages, RSS feeds, and numerous extensions that read directly from the MediaWiki database. There is no one exit path that either the MediaWiki core or its extensions rely on. Hence it is virtually impossible for any extension to provide full security.
  • system security: Content management security is inseparable from overall system security. The default MediaWiki configuration places database passwords in plain text on a file located on the same server as the mediawiki installation. There is no attempt to secure the host web server or underlying database. If the underlying system is insecure, any extension added on top of that system is also insecure.


Extension Pure extension Works with caching Works with MediaWiki groups Page-based access control Namespace-based access control Add ACL by editing page Add ACL via special page MediaWiki version supported
Extension:CrudeProtection Yes Yes No (User Based) Yes No Yes No ?
Extension:Group Based Access Control Yes No Yes Yes No Yes No 1.11.0+
Extension:Halo Access Control List No Yes Yes Yes Yes Yes Yes 1.13.2, 1.15.1 - 1.15.3, 1.16.0 or 1.17.2
IntraACL No Yes Yes Yes Yes Yes Yes Tested 1.18-1.21, newer may work
Extension:Lockdown Yes Yes Yes No Yes No No 1.13
Extension:NSFileRepo Yes Yes Yes No Yes No No 1.9-1.11,1.13,1.14,1.15(w/patches),1.16Beta2
Extension:Page access restriction No No Yes Yes Yes No Yes 1.4-1.7.1, 1.10
Extension:PageProtectionPlus Yes No Yes Yes (really section based) No Yes No 1.8,1.9.1
Extension:PageSecurity No No Yes Yes No Yes No 1.8,1.9
Extension:PrivatePageProtection Yes Yes Yes Yes No Yes No 1.18
Extension:Simple Security Yes No Yes Yes Yes Yes No 1.6+
Extension:WhiteList Yes Yes No (user based) Yes No No Yes 1.6.0+
Extension Pure extension Works with caching Works with MediaWiki groups Page-based access control Namespace-based access control Add ACL by editing page Add ACL via special page MediaWiki version supported
Extension Handles transclusion Handles preview Handles raw Handles search Handles export Handles rss/atom Handles recent changes Re-use LDAP groups
Extension:CrudeProtection No No No No No No No  ?
Extension:Group Based Access Control No  ?  ?  ?  ?  ?  ?  ?
Extension:Halo Access Control List Yes Yes Yes Yes (w/ patch) Yes No Yes Yes (with LDAP extension)
IntraACL Yes Yes Yes Yes (w/ patch) Yes Yes (w/ patch) Yes Yes (with LDAP extension)
Extension:Lockdown $wgNonincludableNamespaces $wgNonincludableNamespaces yes partial (title listed, but no content) yes partial (title listed, but no content) partial (title listed, but no content)  ?
Extension:NSFileRepo $wgNonincludableNamespaces $wgNonincludableNamespaces yes partial (title listed, but no content) yes partial (title listed, but no content) partial (title listed, but no content)  ?
Extension:Page access restriction  ?  ?  ? Yes Yes  ?  ?  ?
Extension:PageProtectionPlus  ?  ?  ?  ?  ?  ?  ?  ?
Extension:PageSecurity Yes Yes Yes Yes Yes No  ?  ?
Extension:PrivatePageProtection $wgNonincludableNamespaces $wgNonincludableNamespaces yes partial (title listed, but no content) yes partial (title listed, but no content) partial (title listed, but no content)  ?
Extension:Simple Security Yes (must enable db-hook)  ?  ? No  ?  ? No  ?
Extension:WhiteList No Yes Yes Yes (1.10+ hides article excerpts) Yes (1.10+) Yes (1.12+) No?  ?
Extension Handles transclusion Handles preview Handles raw Handles search Handles export Handles rss/atom Handles recent changes Re-use LDAP groups

See also[edit | edit source]

External links[edit | edit source]