Extension:Cargo/FAQ

Is Cargo secure?
Given that Cargo makes what are essentially direct SQL calls into the database, security is naturally a concern. There are two main potential security issues:
 * Users using Cargo to view non-Cargo database tables
 * Users accidentally or maliciously deleting non-Cargo database tables.

For both concerns, the design of Cargo is meant to avoid such a possibility. Cargo does not directly make SQL calls, but rather uses MediaWiki's database-access code to interface with the database, which is meant to avoid things like SQL injection. And Cargo accesses the database with a built-in prefix, "cargo__", which means that if it goes to read from, write to or delete a table called "ABC", the MediaWiki code will translate that into a table name called "cargo__ABC". In that way, only tables with the "cargo__" prefix can be read or modified by the Cargo code.

Finally, you can configure Cargo to store its data in a separate database entirely from the one used by MediaWiki, just by setting some LocalSettings.php variables (see "Configuration", above). This will establish a clear wall between the Cargo data and the rest of the MediaWiki data.

How is Cargo's performance?
No rigorous testing has been done yet, but for standard queries, the performance seems to be quite good.

There is the possibility that users, maliciously or otherwise, could use #cargo_query to construct queries that slow down or even crash the database or server. Cargo tries to prevent this by requiring a "join" condition for every database table mentioned in the query, as well as by indexing its DB fields (although perhaps more should be done here).

Additionally, as above, you can always create a separate Cargo database, potentially even on another server, to minimize the impact that Cargo queries would have on the database or server.

Why does Cargo exist?
Semantic MediaWiki and its related extensions already offer most of the functionality of Cargo, which raises the obvious question of why Cargo was created in the first place. This is addressed in the page Cargo and Semantic MediaWiki.

It should be noted that there is inherently wrong with Semantic MediaWiki; it's a fantastic extension, and any wiki that uses it is significantly better off than a wiki just running core MediaWiki.