SecurePages
Deprecated Extension!This extension is deprecated and no longer maintained by the developer. It may no longer work for current versions of MediaWiki and Bugs are no longer fixed. Please see the Deprecated section for more information. |
 Release status: stable | |
|---|---|
| Implementation | other (invalid type) |
| Description | Allows you to configure your Wiki to use https for confidential pages. |
| Author(s) | Mati talk |
| Version | 1.0 (2009-08-06) |
| MediaWiki | 1.16 or later |
| License | GPL v3 or any later version. |
| Download | SourceCode in GIT Documentation Changelog |
| Parameters | wgSecurePages |
| Example | Try to login into this wiki. |
Confidential Information, most commonly passwords, should never be transmitted through a plain HTTP connection since an eavesdropper can easily intercept that information. Using HTTPS is a solution but adds an additional load to your servers (for the encryption) so you don't want to use https if you are on "normal" pages. This extension solves just that problem: It redirects the user to HTTPS on just some pages while redirecting to HTTP on any other page.
Download
The source code of this extension was hosted on git.fsinf.at, a project no longer maintained. Since this extension was so old, the git repository was not transfered to any other repository and the source code is no longer available.
Installation & Configuration
Warning: This extension does not work out of the box with MediaWikis older than 1.16. See MediaWiki 1.15.1 and older.
Before you go forward with installing this extension, you should make sure that your wiki is working fine with both HTTP and HTTPS. Otherwise, results may be unpredictable.
Other than that, the installation is straight forward:
- Download the sourcecode into your extensions/ directory
- Modify LocalSettings.php:
require_once ( "$IP/extensions/SecurePages/SecurePages.php" );
$wgSecurePages = array(
-1 => array( 'UserLogin', 'Preferences', 'ChangePassword'),
);
$wgSecurePages configures which pages should be available only through https. The key of the array is the ID of the namespace, each listing a single page that might send confidential information. The above example classifies the Special:UserLogin, Special:Preferences and Special:ChangePassword as such pages.
It may also be necessary to set $wgCookieSecure to false in LocalSettings.php, otherwise the session cookie set by the https login may be inaccessible to the normal http browsing session.
MediaWiki 1.15.1 and older
This extension requires the BeforeInitialize Hook, which was added in r54318 of MediaWiki. MediaWiki versions 1.15.1 or older require that you manually add the Hook yourself. This is simple enough though: Simply add this line
wfRunHooks( 'BeforeInitialize', array( &$title, &$article, &$output, &$user, $request, $this ) );
to the initialize function in includes/Wiki.php. I personally tested this with MediaWiki 1.13 and 1.15.1, but it should also work on older versions.
Changelog
1.0 (rev. 327)
- first version documented here.
- Note that this extension uses almost the same code as Extension:HttpsLogin and is its direct successor.
License
GPL v3 or any later version.
A lot of the sourcecode of this extension originally comes from here.