Manual:Security/old

MediaWiki has a highly customizable security architecture. Its main features are:
 * Access restrictions based on IP or user id
 * Group based permissions architecture
 * Plugin architecture for customized determiniation of user identity
 * Customizable user rights assignment architecture

This is a collection of links that might be the starting point for an overview article on system security in MediaWiki:


 * Planning/Requirements gathering
 * Manual:Before installing


 * User authorization
 * Authentication
 * AuthPlugin - describes plug-in architecture for determining user identity
 * Manual:$wgAuth - configuration variable used by plug-in architecture
 * Category:Authentication and Login - authorization extensions available
 * Manual:FAQ


 * Assignment of access rights by IP, user identity
 * Access control
 * Manual:FAQ
 * Manual:FAQ
 * Help:User rights - describes configuration of the default MediaWiki rights architecture
 * Manual:Preventing access - various tips and how-tos
 * Manual:Image Authorisation - IP/user based restrictions on access to images
 * Security issues with authorization extensions
 * Category:Page Access Control Extensions - extensions that assist in user rights management
 * Hidden pages
 * Page access restriction with MediaWiki
 * Manual:$wgGroupPermissions
 * Manual:$wgAddGroups
 * Manual:$wgRemoveGroups
 * Special:Userrights


 * Monitoring user activity


 * Security enhanced MediaWiki versions/sample installations
 * GroupWikiBase
 * Extension:BizzWiki


 * Security alerts
 * Template:Security alert
 * Template:XSS alert
 * Category:Extensions with XSS vulnerabilities


 * Technical details
 * database schema: User groups table, User table, Revision table, Recentchanges table
 * hooks:, , , , , ,
 * code:
 * Manual:Special pages - instructions for designing access rights aware special pages.


 * General
 * Category:Authentication and Authorization Extensions
 * Configuration Settings: Access
 * meta:Category:MediaWiki authentication