ICT:Account protection: Difference between revisions

From Costa Sano MediaWiki
No edit summary
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:Access Control & Account Security}}
{{DISPLAYTITLE:Access Control: The "Lockdown" Model}}
__TOC__
__TOC__
== Infrastructure Overview ==
== Philosophy ==
This wiki is configured as a '''Private Research Platform'''. Access is managed via a "Deny-by-Default" policy, using MediaWiki core permissions for global locks and the [[Extension:Lockdown]] for granular namespace security.
This wiki is a '''Private Research Platform'''. To simplify management, we avoid "blacklisting" individual default namespaces. Instead, we use a "White-room" approach: everything is forbidden by default, and access is granted only to the specific functional layers required for research.


== 1. System Account Security ==
== 1. Global Restrictions ==
* '''MediaWiki default:'''
Applied in `LocalSettings.php` to ensure the wiki is invisible to the public and restricted for standard users.
** Status: Internal System User.
** Security: No password exists; interactive login is impossible.
** Role: Attributes automated software edits.
* '''Sysop Accounts:'''
** Status: Human Administrators.
** Security: Password protected. Managed via [[Special:ListUsers/sysop]].
 
== 2. Global Hardening (LocalSettings.php) ==
The following core settings enforce the private nature of the wiki:


<syntaxhighlight lang="php">
<syntaxhighlight lang="php">
# Disable public access and registration
# Full Privacy: Revoke read from all by default
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['read'] = false;  
$wgGroupPermissions['*']['createaccount'] = false;
 
# Sysop Override: Ensure admins maintain full visibility
$wgGroupPermissions['sysop']['read'] = true;


# The Whitelist: Essential for the Login Screen
# Essential Whitelist: Required for login and site rendering
# Without these, the login page becomes inaccessible (Loop Error)
$wgWhitelistRead = [
$wgWhitelistRead = [
     "Special:UserLogin",
     "Special:UserLogin",
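Review bot: `$wgGroupPermissions['user']['read'] = false;` in the LocalSettings.php block removes the core read right that the `$wgNamespacePermissionLockdown[...]['read'] = ['user', 'sysop']` entries added further down depend on. The Lockdown documentation describes the extension as able to restrict access only, not grant it, so confirm with a non-sysop account that Research and Dashboard are still readable, or keep `read` for `user` and restrict the remaining namespaces through Lockdown instead. The same block also drops `$wgGroupPermissions['*']['edit'] = false;` and `$wgGroupPermissions['*']['createaccount'] = false;`, which returns both rights to their MediaWiki defaults unless they are set elsewhere in the file; keep both lines.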
Line 31: Line 23:
</syntaxhighlight>
</syntaxhighlight>


== 3. Namespace Lockdown Logic ==
== 2. Research Environment Exceptions ==
While `$wgGroupPermissions` locks the door, [[Extension:Lockdown]] manages the internal rooms.
Using [[Extension:Lockdown]], we grant the `user` group access to the specific namespaces required for the Dashboard, Cargo queries, and Page Forms.
 
<syntaxhighlight lang="php">
# Research Namespaces
$wgNamespacePermissionLockdown[NS_RESEARCH]['read'] = ['user', 'sysop'];
$wgNamespacePermissionLockdown[NS_DASHBOARD]['read'] = ['user', 'sysop'];
 
# Supporting Infrastructure (Required for Dashboard rendering)
# Researchers need 'read' access to these so templates and forms function.
$wgNamespacePermissionLockdown[NS_TEMPLATE]['read'] = ['user', 'sysop'];
$wgNamespacePermissionLockdown[NS_FORM]['read']    = ['user', 'sysop'];
</syntaxhighlight>
 
== 3. Page Forms & Cargo Interaction ==
The Dashboard utilizes `Template:EntityRow` for layout and queries the Cargo database.
* '''Note:''' If researchers can see the Dashboard but not the data results, ensure the Cargo-specific namespaces are also allowed.
* '''Editing:''' The `edit` permission is granted globally to the `user` group, but restricted by namespace via Lockdown.
 
== 4. Default System Accounts ==
* '''MediaWiki default:''' Internal system user. No password; no login allowed. Safe.
* '''Admin/Sysop:''' Full credentials required.
 
== Successor Notes ==
* '''Adding Entities:''' When creating a new Research Entity, ensure the associated Template and Form are placed in the permitted namespaces.
* '''Testing Access:''' Always test new Dashboard sections with a non-admin "Fellow" account to ensure no "Permission Denied" errors occur during template transclusion.
 
{{DISPLAYTITLE:User Experience & Stealth Configuration}}
__TOC__
== Strategy: Forbidden by Default ==
To prevent "clutter" and spying, the wiki uses a **Negative Lockdown** model. Users are explicitly denied access to all default MediaWiki namespaces.
 
== Configuration Implementation ==
=== 1. Namespace Stealth ===
The following namespaces are hidden from the Search bar and 'All Pages' list for standard members to prevent them from seeing technical infrastructure:
* {{ns:ICT}} (ID: 3000)
* {{ns:Template}} (ID: 10)
* {{ns:Form}} (ID: 106)
 
=== 2. Functional Access ===
Members are restricted to the following functional "Safe Zones":
* '''Dashboard:''' Entry point for all research.
* '''Research:''' The data repository.
 
=== 3. Maintenance Logic ===
Standard users (`group: user`) have had their global `['read']` permission revoked in [[LocalSettings.php]]. They only "see" what is explicitly whitelisted via the Lockdown extension.


* '''ICT: Namespace:''' Restricted to the `sysop` group.
== Successor Warning ==
* '''Research/Dashboard Namespaces:''' Access granted to `user` (fellows) and `sysop`.
If a researcher reports a "Broken Template" error (e.g., seeing raw {{...}} code), it usually means a new Template was created in a namespace that isn't yet whitelisted for the `user` group.
* '''Sysop Rights:''' As per [https://www.mediawiki.org Lockdown documentation], sysops retain visibility across all restricted namespaces unless explicitly revoked.


== 4. Successor Checklist ==
# '''Emergency Access:''' If locked out, set `$wgGroupPermissions['*']['read'] = true;` temporarily in LocalSettings.php.
# '''New Namespaces:''' Any new namespace created for research must be added to the Lockdown array to remain private.
# '''Auditing:''' Use [[Special:ListUsers]] monthly to ensure no "shadow" human accounts have been created.


[[Category:ICT Documentation]]
[[Category:ICT Documentation]]
[[Category:Security Operations]]
[[Category:Security Operations]]
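Review bot: the "Successor Warning" paragraph uses a bare {{...}} as an example of raw template code, and MediaWiki parses that as a transclusion (the rendered revision shows "Template:..." in its place); wrap it in <nowiki> tags. The added "Strategy" section also uses Markdown `**Negative Lockdown**` where the rest of the page uses '''...''' for bold, and a second {{DISPLAYTITLE:...}} and __TOC__ pair now sits mid-page and competes with the one at the top. The revision removes the "Successor Checklist" (emergency access, new-namespace and monthly [[Special:ListUsers]] audit steps) without a replacement; the new-namespace and audit items still apply to this model and should be carried over into "Successor Notes".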

Latest revision as of 18:40, 9 February 2026

Philosophy

This wiki is a Private Research Platform. To simplify management, we avoid "blacklisting" individual default namespaces. Instead, we use a "White-room" approach: everything is forbidden by default, and access is granted only to the specific functional layers required for research.

1. Global Restrictions

Applied in `LocalSettings.php` to ensure the wiki is invisible to the public and restricted for standard users.

<syntaxhighlight lang="php">
# Full Privacy: Revoke read from all by default
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['user']['read'] = false;

# Sysop Override: Ensure admins maintain full visibility
$wgGroupPermissions['sysop']['read'] = true;

# Essential Whitelist: Required for login and site rendering
$wgWhitelistRead = [
    "Special:UserLogin",
    "MediaWiki:Common.css",
    "MediaWiki:Common.js"
];
</syntaxhighlight>

2. Research Environment Exceptions

Using Extension:Lockdown, we grant the `user` group access to the specific namespaces required for the Dashboard, Cargo queries, and Page Forms.

<syntaxhighlight lang="php">
# Research Namespaces
$wgNamespacePermissionLockdown[NS_RESEARCH]['read'] = ['user', 'sysop'];
$wgNamespacePermissionLockdown[NS_DASHBOARD]['read'] = ['user', 'sysop'];

# Supporting Infrastructure (Required for Dashboard rendering)
# Researchers need 'read' access to these so templates and forms function.
$wgNamespacePermissionLockdown[NS_TEMPLATE]['read'] = ['user', 'sysop'];
$wgNamespacePermissionLockdown[NS_FORM]['read']     = ['user', 'sysop'];
</syntaxhighlight>

3. Page Forms & Cargo Interaction

The Dashboard utilizes `Template:EntityRow` for layout and queries the Cargo database.

  • Note: If researchers can see the Dashboard but not the data results, ensure the Cargo-specific namespaces are also allowed.
  • Editing: The `edit` permission is granted globally to the `user` group, but restricted by namespace via Lockdown.

4. Default System Accounts

  • MediaWiki default: Internal system user. No password; no login allowed. Safe.
  • Admin/Sysop: Full credentials required.

Successor Notes

  • Adding Entities: When creating a new Research Entity, ensure the associated Template and Form are placed in the permitted namespaces.
  • Testing Access: Always test new Dashboard sections with a non-admin "Fellow" account to ensure no "Permission Denied" errors occur during template transclusion.


Strategy: Forbidden by Default

To prevent "clutter" and spying, the wiki uses a "Negative Lockdown" model. Users are explicitly denied access to all default MediaWiki namespaces.

Configuration Implementation

1. Namespace Stealth

The following namespaces are hidden from the Search bar and 'All Pages' list for standard members to prevent them from seeing technical infrastructure:

  • ICT (ID: 3000)
  • Template (ID: 10)
  • Form (ID: 106)

2. Functional Access

Members are restricted to the following functional "Safe Zones":

  • Dashboard: Entry point for all research.
  • Research: The data repository.

3. Maintenance Logic

Standard users (`group: user`) have had their global `['read']` permission revoked in LocalSettings.php. They only "see" what is explicitly whitelisted via the Lockdown extension.
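
How the core `read` right and the Lockdown entries above combine can be checked with a small model. This is an added example, not code from this wiki or from MediaWiki: it assumes Lockdown's documented restriction-only behaviour and ignores `$wgWhitelistRead`; the `VARIANT_*` settings, the namespace-name keys and the `Main` entry are hypothetical.

```python
# Added example: simplified model of MediaWiki core rights plus Lockdown.
# Assumption: Lockdown only restricts; it never grants a right core denies.

# Core read rights as set in the page's LocalSettings.php.
PAGE_CORE = {"*": {"read": False}, "user": {"read": False}, "sysop": {"read": True}}
# Variant (assumption, not from the page): logged-in users keep core read.
VARIANT_CORE = {"*": {"read": False}, "user": {"read": True}, "sysop": {"read": True}}

# Lockdown 'read' entries from the page, keyed by namespace name.
PAGE_LOCKDOWN = {
    "Research": {"read": ["user", "sysop"]},
    "Dashboard": {"read": ["user", "sysop"]},
    "Template": {"read": ["user", "sysop"]},
    "Form": {"read": ["user", "sysop"]},
}
# Variant adds a wildcard entry so unlisted namespaces default to sysop only.
VARIANT_LOCKDOWN = {"*": {"read": ["sysop"]}, **PAGE_LOCKDOWN}

NAMESPACES = ["Main", "ICT", "Template", "Form", "Research", "Dashboard"]
FELLOW = ["*", "user"]            # non-admin test account
ADMIN = ["*", "user", "sysop"]

def core_allows(core, groups, right):
    """Core grants a right if any of the user's groups has it set to True."""
    return any(core.get(g, {}).get(right, False) for g in groups)

def lockdown_allows(lockdown, groups, ns, right):
    """No entry means unrestricted; a namespace entry overrides the '*' entry."""
    rule = lockdown.get(ns, {}).get(right)
    if rule is None:
        rule = lockdown.get("*", {}).get(right)
    return rule is None or any(g in rule for g in groups)

def readable(core, lockdown, groups):
    """Namespaces a group set can read: core AND Lockdown must both allow."""
    return [ns for ns in NAMESPACES
            if core_allows(core, groups, "read")
            and lockdown_allows(lockdown, groups, ns, "read")]

if __name__ == "__main__":
    for label, core, lock in [("page", PAGE_CORE, PAGE_LOCKDOWN),
                              ("variant", VARIANT_CORE, VARIANT_LOCKDOWN)]:
        print(label, "fellow:", readable(core, lock, FELLOW))
        print(label, "admin: ", readable(core, lock, ADMIN))
```

Under the page's settings the model gives a Fellow account no readable namespaces, so confirm the real behaviour with the non-admin test account. With core `read` kept for `user` but no wildcard entry, unlisted namespaces such as ICT become readable, which is why every new namespace needs a Lockdown entry.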

Successor Warning

If a researcher reports a "Broken Template" error (e.g., seeing raw `{{...}}` code), it usually means a new Template was created in a namespace that isn't yet whitelisted for the `user` group.