Manual:Security/old

MediaWiki has a highly customizable security architecture. Its main features are:
 * Access restrictions based on IP or user ID
 * Group-based permissions architecture
 * Plugin architecture for customized determination of user identity
 * Customizable user rights assignment architecture

This is a collection of links that might be the starting point for an overview article on system security in MediaWiki:


 * General
   * Category:User access extensions
   * Configuration Settings: Access
   * meta:Category:MediaWiki authentication
   * meta:Documentation:Security

 * Planning/Requirements gathering
   * Manual:Before installing

 * User authorization
   * Authentication
   * AuthPlugin - describes plug-in architecture for determining user identity
   * Manual:$wgAuth - configuration variable used by plug-in architecture
   * Category:Authentication and login - authorization extensions available
   * Manual:FAQ

 * Monitoring user activity
   * Category:User activity extensions

 * Assignment of access rights by IP, user identity
   * Access control
   * Manual:FAQ
   * Help:User rights - describes configuration of the default MediaWiki rights architecture
   * Manual:Preventing access - various tips and how-tos
   * Manual:Image Authorization - IP/user-based restrictions on access to images
   * Security issues with authorization extensions
   * Category:User rights extensions - extensions that assist in user rights management
   * Hidden pages
   * Page access restriction with MediaWiki
   * Configuration variables: Manual:$wgGroupPermissions, Manual:$wgAddGroups, Manual:$wgRemoveGroups
   * Special:Userrights

 * Security-enhanced MediaWiki versions/sample installations
   * GroupWikiBase
   * Extension:BizzWiki

 * Security alerts
   * Security - how to report problems, receive notifications
   * Template:Security alert
   * Template:XSS alert
   * Category:Extensions with XSS vulnerabilities

 * Technical details
   * Database schema: User groups table, User table, Revision table, Recentchanges table
   * Hooks: UserLoginForm, UserLoginComplete, UserLogout, UserLogoutComplete, UserEffectiveGroups, UserGetImplicitGroups, UserGetRights
   * Code: User.php
   * Manual:Special pages - instructions for designing access rights-aware special pages.