Thread:Project:Support desk/File Access Security Gap/reply (2)

> basically, if you want to keep information private: Don't post them on the internet.

This is obvious.

I was wondering how good files are protected by media wiki.

> Maybe it would be possible to restrict access, e.g. via .htaccess password protection, 

I think it is, but you have to login twice for that.

That is the point - whether it is possible to merge to state of being logged in in wiki and authentification state in apache.

Meaning, if you are already logged into wiki, wiki tells apache (or logs in the apache for the user) it's you, logged in already, so it is not neccessary for the user to login twice (1x wiki, 1x apache).

Do you copy?

Accourding distribution of data, well, someone could also publish his or her login/data. In general you cannot prevent people distributing data, but you can minimize risk of abuse.

The question for me, is how to disable easy data access when media wiki is used. One answer is your suggestion. If you are into media wiki and php, maybe we can find out, whether (or how) it is possible to use apache authentification with media wiki authentification as distribed above.

Regards, Marcus