Security for developers/bn



''' As a MediaWiki developer, you have a responsibility to write secure code in a style that is easy to review and audit. ''' This article focuses on the issues related to security and on the best practices used by MediaWiki developers to address these security issues. For issues of coding style, please read the MediaWiki coding conventions.

Every MediaWiki developer should carefully read this article, regardless of their level of experience in web application development and with PHP, and periodically re-familiarize themselves with this material. Additionally, every developer should carefully read the articles on Cross-site scripting (XSS), Cross-site request forgery (CSRF), and, which each provide more detailed explanations of each of these common vulnerability types. The provides a useful reference for common development tasks.

Why security matters
Web application security is a critical issue in the wired world. Websites with security vulnerabilities are a key part of the illicit global infrastructure of malware, spam and phishing. Bot herders crawl the web looking for websites with security vulnerabilities, and then use the vulnerabilities to hijack them. The hijacked website will distribute malware (viruses) to visitors, either via browser vulnerabilities or overtly by social engineering. The downloaded malware turns the client's computer into a "zombie" that is part of a global network of organized crime aimed at stealing bank account details, sending spam, and extorting money from websites with denial-of-service threats.

Demonstrable security
It's not enough to assure yourself that you are perfect and that your code has no security vulnerabilities. Everyone makes mistakes. All core code, and a good deal of extension code, is reviewed by experienced developers to verify its security. This is a good practice and should be encouraged.

Write code in such a way that it is demonstrably secure, such that a reviewer can more easily tell that it's secure. Don't write code that looks suspicious but is, on careful examination, secure. Such code causes unnecessary reviewer anxiety.

Overview of security vulnerabilities and attacks
This document has a strong focus on the following attacks and security risks. Each MediaWiki developer should be familiar with these issues and have at least a passing understanding of them.