Difference between revisions of "Issue:Option to only run DPL from protected pages"
From FollowTheScore
m |
m |
||
Line 13: | Line 13: | ||
An option to give the full control to the admin is by letting DPL code only run from protected pages. [http://www.mediawiki.org/wiki/Extension:SecureHTML Extension:SecureHTML] uses it and it is so simple & safe at the same time. Advantages with "$wgProtectedDPL": | An option to give the full control to the admin is by letting DPL code only run from protected pages. [http://www.mediawiki.org/wiki/Extension:SecureHTML Extension:SecureHTML] uses it and it is so simple & safe at the same time. Advantages with "$wgProtectedDPL": | ||
*To protect a page you have to be an administrator, i.e. | *To protect a page you have to be an administrator, i.e. | ||
− | *Normal users | + | *Normal users can't create pages with DPL code |
− | *Normal users | + | *Normal users can't manipulate existing DPL code, because they can't edit the page. This is also possible without this new feature but with "$wgProtectedDPL" they simply can't do things the admin didn't allow with his DPL functions. |
− | * | + | *Normal users can't create or manipulate DPL code. They can include a protected page but then? No abuse :) |
It may not seem to be important for you but surely for other wikis with sensible data. | It may not seem to be important for you but surely for other wikis with sensible data. | ||
== Reply == | == Reply == |
Revision as of 22:45, 30 April 2009
Description: | Protect your wiki from DPL abuse. E.g. "$wgProtectedDPL" as option to let DPL run only from protected pages. |
Extension / Version: | DPL / ? |
Type / Status: | Change Request / open |
Problem
Note: I talk about an option, not a must.
Some wiki admins may not like the idea that other users can run DPL from any page. E.g. I'm paranoid, somebody copies all my content, so I disabled all Export features etc.
An option to give the full control to the admin is by letting DPL code only run from protected pages. Extension:SecureHTML uses it and it is so simple & safe at the same time. Advantages with "$wgProtectedDPL":
- To protect a page you have to be an administrator, i.e.
- Normal users can't create pages with DPL code
- Normal users can't manipulate existing DPL code, because they can't edit the page. This is also possible without this new feature but with "$wgProtectedDPL" they simply can't do things the admin didn't allow with his DPL functions.
- Normal users can't create or manipulate DPL code. They can include a protected page but then? No abuse :)
It may not seem to be important for you but surely for other wikis with sensible data.