If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked.
For further details, see Security issues with authorization extensions
This extension is currently not actively maintained! Although it may still work, any bug reports or feature requests will more than likely be ignored.
Release status: unmaintained
|Implementation||User rights, Page action|
|Description||This allows page protection using password|
|Author(s)||Piotr Stawiński (PSttalk)|
|Latest version||0.01 (2009-02-10)|
|MediaWiki 1.36||Not formally tested|
|MediaWiki 1.34||Not formally tested|
|MediaWiki 1.32||Not formally tested|
|License||No license specified|
What can this extension do?
This is a pretty simple implementation of per page protection. It allows to protect each page with separate password from reading and editing. It uses userCan hook with all its advantages and disadvantages.
This is very experimental version! Do not use it to protect critical data.
On my wiki I've created special namespace:
define("NS_PROTECT", 100); define("NS_PROTECT_TALK", 101); $wgExtraNamespaces[NS_PROTECT] = "Protect"; $wgExtraNamespaces[NS_PROTECT_TALK] = "Protect_talk"; $wgProtectedPagesNamespaces = array(NS_PROTECT, NS_PROTECT_TALK);
that is protected. However, You can protect whichever namespace You like. Protected articles displays new personalUrl "protect". After creating page You should click protect (in personal url), then You'd be redirected to set up the page password. After doing this anyone wanting to see/edit this page have to unlock it using password.
Sysops can see every page as it was not protected. Protected pages are visible only for logged users.
To install this extension, download all files to extensions/PasswordProtectPages and add the following to LocalSettings.php:
$wgProtectedPagesNamespaces = array(NS_PROTECT, NS_PROTECT_TALK); # or: NS_MAIN etc. require_once("$IP/extensions/PasswordProtectPages/PPP.php");
You also have to create new table to store passwords: execute this code to your database (add in front of protect_pages your prefix):
CREATE TABLE `protect_pages` ( `pageid` int(3) NOT NULL, `password` blob NOT NULL )
This is per page protection with all it's consequencies. I would recommend setting:
$wgFeed = false;
for better protection.
Protected pages are still searchable! But their source is hopefully not displayed, so this lack of security is not critical.
I'm gonna test this extension intensively next days.