User:CSteipp (WMF)/ISec Audit

= Setup =

Vagrant

 * Setup vagrant
 * Use 1024M memory
 * Enable roles: centralauth visualeditor pdfhandler svg parserfunctions checkuser echo flow multimediaviewer
 * Add checkuser group to Admin user

Image
(download link)

= Priorities =
 * 1) Upload, processing, and display of images/files (especially the handling of more obscure formats like svg, and Pdf/DjVu)
 * 2) Our wikitext -> html parsing in general
 * 3) * If time allows, include the lua template engine (Scribunto extension)
 * 4) VisualEditor extension
 * 5) * Focus on the frontend javascript and parsoid
 * 6) CentralAuth extension (our authentication and single sign-on extension)
 * 7) * Focus on password, session management, single sign-on and autologin protocols
 * 8) CheckUser extension (the extension that handles all of the User<->IP mapping, which we use for spam investigations mostly)
 * 9) Flow extension
 * 10) Mediaviewer
 * 11) Echo extension

In the audit, we're hoping to cover 1-6. Others extensions will be audited as time allows.

= Security Properties = See Security_for_developers/Architecture for a list of security properties and objectives for MediaWiki.

Also note that we've specifically decided not to protect a few things:
 * For a default wiki install, we do not attempt to protect the user names of site users. The list of all username is available at Special:ListUsers, and the edit history and Special:Log show the usernames of users who edited or created accounts. Private wikis can restrict access to all but a few pages to prevent usernames from being displayed, and when possible MediaWiki will attempt to support wikis that wish to keep these private. However, this is not guaranteed, and shouldn't be counted on by private wikis.
 * Except on private wikis, all content is assumed to be publicly accessible. See also Security_issues_with_authorization_extensions.