More secure version suggestion

Jump to: navigation, search

The page says that this extension has a major security risk because these functions can be used to superficially hide information from sysops and can expose e-mail address.

I have some suggestions to enhances this extension and make it safe:

  • Limit its functionnality to some namespace where only sysops can modify pages (MediaWiki:) to define message.
  • Add the possibility to select only some functionnality of this extension and disable the other (like #useremail).

It would be great to enable this extension on Wikimedia sites, in particular for the #username, otherwise the {{gender:}} tag is quite useless.

DavidL12:46, 30 September 2011

Hi, after some comments from Platonides here: Special:Code/MediaWiki/106597, I rechecked this page and I've seen your comments. I'm going to add these possibilities. Would you and other users suggest some defaults for each of these two points?

Toniher00:15, 21 December 2011

Perhaps a setting like $wgUFDisclosePrivateInformation might be a good idea to control if #realname, #useremail should be enabled or not. Something like $wgUFDiscloseRealName or $wgUFDiscloseUserName would allow a more fine grained control, but I do not think that is necessary. To remove these functions is not a good idea since there are valid usecases around for wikis. Cheers

[[kgh]]20:38, 23 December 2011

I just saw that you already introduced this improvement three days ago. Shame on me. Cool and thank you.

[[kgh]]16:53, 24 December 2011

Hey, no problem. I've just also added also the NS allowance/blocking suggestion from DavidL. Happy New Year to all!

Toniher11:27, 3 January 2012
 
 
 
 
Retrieved from "http://www.mediawiki.org/wiki/Thread:Extension_talk:UserFunctions/More_secure_version_suggestion#More_secure_version_suggestion_10345"
Personal tools

Variants
Actions
Navigation
Support
Download
Development
Communication
Toolbox