ICT:Account protection: Difference between revisions

From Costa Sano MediaWiki
(2 intermediate revisions by the same user not shown)
Line 2: Line 2:
__TOC__
__TOC__
== Philosophy ==
== Philosophy ==
This wiki operates on a '''Whitelist-only''' visibility model. By default, all namespaces (including Main, Category, and Help) are hidden from research fellows. Access is granted explicitly to specific project namespaces.
This wiki is a '''Private Research Platform'''. To simplify management, we avoid "blacklisting" individual default namespaces. Instead, we use a "White-room" approach: everything is forbidden by default, and access is granted only to the specific functional layers required for research.


== 1. Global Lockdown (LocalSettings.php) ==
== 1. Global Restrictions ==
To prevent researchers from browsing default namespaces (Main, User, etc.), we first revoke read access from the standard 'user' group.
Applied in `LocalSettings.php` to ensure the wiki is invisible to the public and restricted for standard users.


<syntaxhighlight lang="php">
<syntaxhighlight lang="php">
# 1. Block everyone (including logged-in fellows) from reading by default
# Full Privacy: Revoke read from all by default
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['user']['read'] = false;
$wgGroupPermissions['user']['read'] = false;  


# 2. Grant Sysops total access to override the block
# Sysop Override: Ensure admins maintain full visibility
$wgGroupPermissions['sysop']['read'] = true;
$wgGroupPermissions['sysop']['read'] = true;
# Essential Whitelist: Required for login and site rendering
$wgWhitelistRead = [
    "Special:UserLogin",
    "MediaWiki:Common.css",
    "MediaWiki:Common.js"
];
</syntaxhighlight>
</syntaxhighlight>


== 2. Defining the "Exceptions" ==
== 2. Research Environment Exceptions ==
We use [[Extension:Lockdown]] to open specific "windows" for the research fellows. This is much cleaner than manually locking every default namespace.
Using [[Extension:Lockdown]], we grant the `user` group access to the specific namespaces required for the Dashboard, Cargo queries, and Page Forms.


<syntaxhighlight lang="php">
<syntaxhighlight lang="php">
# Grant 'user' group access ONLY to these specific namespaces
# Research Namespaces
$wgNamespacePermissionLockdown[NS_RESEARCH]['read'] = ['user', 'sysop'];
$wgNamespacePermissionLockdown[NS_RESEARCH]['read'] = ['user', 'sysop'];
$wgNamespacePermissionLockdown[NS_DASHBOARD]['read'] = ['user', 'sysop'];
$wgNamespacePermissionLockdown[NS_DASHBOARD]['read'] = ['user', 'sysop'];


# Ensure Cargo and Page Forms namespaces are accessible if needed for queries
# Supporting Infrastructure (Required for Dashboard rendering)
$wgNamespacePermissionLockdown[NS_CARGO_SPECIAL]['read'] = ['user', 'sysop'];
# Researchers need 'read' access to these so templates and forms function.
$wgNamespacePermissionLockdown[NS_TEMPLATE]['read'] = ['user', 'sysop'];
$wgNamespacePermissionLockdown[NS_FORM]['read']     = ['user', 'sysop'];
</syntaxhighlight>
</syntaxhighlight>


== 3. Handling the Whitelist ==
== 3. Page Forms & Cargo Interaction ==
Because the wiki is private, certain technical pages must be "Whitelisted" so the browser can render the login screen and basic styles.
The Dashboard utilizes `Template:EntityRow` for layout and queries the Cargo database.
* '''Note:''' If researchers can see the Dashboard but not the data results, ensure the Cargo-specific namespaces are also allowed.
* '''Editing:''' The `edit` permission is granted globally to the `user` group, but restricted by namespace via Lockdown.
 
== 4. Default System Accounts ==
* '''MediaWiki default:''' Internal system user. No password; no login allowed. Safe.
* '''Admin/Sysop:''' Full credentials required.
 
== Successor Notes ==
* '''Adding Entities:''' When creating a new Research Entity, ensure the associated Template and Form are placed in the permitted namespaces.
* '''Testing Access:''' Always test new Dashboard sections with a non-admin "Fellow" account to ensure no "Permission Denied" errors occur during template transclusion.
 
{{DISPLAYTITLE:User Experience & Stealth Configuration}}
__TOC__
== Strategy: Forbidden by Default ==
To prevent "clutter" and spying, the wiki uses a **Negative Lockdown** model. Users are explicitly denied access to all default MediaWiki namespaces.
 
== Configuration Implementation ==
=== 1. Namespace Stealth ===
The following namespaces are hidden from the Search bar and 'All Pages' list for standard members to prevent them from seeing technical infrastructure:
* {{ns:ICT}} (ID: 3000)
* {{ns:Template}} (ID: 10)
* {{ns:Form}} (ID: 106)
 
=== 2. Functional Access ===
Members are restricted to the following functional "Safe Zones":
* '''Dashboard:''' Entry point for all research.
* '''Research:''' The data repository.


<syntaxhighlight lang="php">
=== 3. Maintenance Logic ===
$wgWhitelistRead = [
Standard users (`group: user`) have had their global `['read']` permission revoked in [[LocalSettings.php]]. They only "see" what is explicitly whitelisted via the Lockdown extension.
    "Special:UserLogin",
    "MediaWiki:Common.css",
    "MediaWiki:Common.js",
    "Main_Page" // Optional: if you want them to see the landing page before login
];
</syntaxhighlight>


== 4. System Account Security Reference ==
== Successor Warning ==
* '''MediaWiki default:''' Internal system identity. No password, no login capability. Safe.
If a researcher reports a "Broken Template" error (e.g., seeing raw {{...}} code), it usually means a new Template was created in a namespace that isn't yet whitelisted for the `user` group.
* '''Project Sysop:''' Full authority. Bypasses namespace restrictions to manage the ICT infrastructure.


== Successor Notes ==
* '''The "Everything is Hidden" Trap:''' If a researcher cannot see a Cargo map or a Page Form, check if the namespace for that specific template or data table is included in the Lockdown exceptions.
* '''Testing:''' Use a "Fellow" test account to verify that namespaces like `Category:` or `File:` remain invisible.


[[Category:ICT Documentation]]
[[Category:ICT Documentation]]
[[Category:Security Operations]]
[[Category:Security Operations]]
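Review bot: The added "Namespace Stealth" list says Template (ID: 10) and Form (ID: 106) are hidden from standard members, but the section 2 block in the same revision sets `$wgNamespacePermissionLockdown[NS_TEMPLATE]['read']` and `$wgNamespacePermissionLockdown[NS_FORM]['read']` to `['user', 'sysop']`. The page should say whether "hidden" means only excluded from search and listings while the pages stay readable. Section 1 also sets `$wgGroupPermissions['user']['read'] = false` while section 2 describes Lockdown as granting the `user` group access; say which setting wins and confirm it with the non-admin "Fellow" account the Successor Notes call for. The removed `NS_CARGO_SPECIAL` line leaves the section 3 note about "Cargo-specific namespaces" with no matching setting, and `NS_RESEARCH`, `NS_DASHBOARD` and `NS_FORM` are used without a visible definition. Smaller points: the appended part writes `**Negative Lockdown**` where the rest of the page uses `'''...'''`, and it adds a second `__TOC__` and a second "Successor Notes" heading.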

Latest revision as of 18:40, 9 February 2026

Philosophy

This wiki is a Private Research Platform. To simplify management, we avoid "blacklisting" individual default namespaces. Instead, we use a "White-room" approach: everything is forbidden by default, and access is granted only to the specific functional layers required for research.

1. Global Restrictions

Applied in `LocalSettings.php` to ensure the wiki is invisible to the public and restricted for standard users.

<syntaxhighlight lang="php">
# Full Privacy: Revoke read from all by default
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['user']['read'] = false;

# Sysop Override: Ensure admins maintain full visibility
$wgGroupPermissions['sysop']['read'] = true;

# Essential Whitelist: Required for login and site rendering
$wgWhitelistRead = [
    "Special:UserLogin",
    "MediaWiki:Common.css",
    "MediaWiki:Common.js"
];
</syntaxhighlight>

2. Research Environment Exceptions

Using Extension:Lockdown, we grant the `user` group access to the specific namespaces required for the Dashboard, Cargo queries, and Page Forms.

<syntaxhighlight lang="php">
# Research Namespaces
$wgNamespacePermissionLockdown[NS_RESEARCH]['read'] = ['user', 'sysop'];
$wgNamespacePermissionLockdown[NS_DASHBOARD]['read'] = ['user', 'sysop'];

# Supporting Infrastructure (Required for Dashboard rendering)
# Researchers need 'read' access to these so templates and forms function.
$wgNamespacePermissionLockdown[NS_TEMPLATE]['read'] = ['user', 'sysop'];
$wgNamespacePermissionLockdown[NS_FORM]['read']     = ['user', 'sysop'];
</syntaxhighlight>
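
A deny-by-default layout that Lockdown can enforce, as an added example and not this wiki's actual configuration. The Lockdown documentation states that the extension can only restrict access that core already grants, never grant it, so here the `user` group keeps the global `read` right and a wildcard rule narrows it to the allowlist. The IDs given to `NS_RESEARCH` and `NS_DASHBOARD` are hypothetical; 106 is the Form namespace ID listed on this page.

```php
# LocalSettings.php fragment (added example, not the wiki's own config).
wfLoadExtension( 'Lockdown' );

# Hypothetical custom namespace IDs; substitute the IDs your wiki registered.
define( 'NS_RESEARCH', 3010 );
define( 'NS_DASHBOARD', 3020 );
$wgExtraNamespaces[NS_RESEARCH]  = 'Research';
$wgExtraNamespaces[NS_DASHBOARD] = 'Dashboard';

# Anonymous visitors can read only what the login screen needs.
$wgGroupPermissions['*']['read'] = false;
$wgWhitelistRead = [
    'Special:UserLogin',
    'MediaWiki:Common.css',
    'MediaWiki:Common.js',
];

# Core has to grant 'read' to logged-in users before Lockdown can narrow it.
$wgGroupPermissions['user']['read']  = true;
$wgGroupPermissions['sysop']['read'] = true;

# Deny by default: the '*' namespace wildcard limits reading to sysop
# everywhere, so Main, Category, File and the rest need no entry of their own.
$wgNamespacePermissionLockdown['*']['read'] = [ 'sysop' ];

# Allowlist: per the Lockdown documentation, a rule for a specific namespace
# takes precedence over the wildcard rule above.
$readableByUsers = [
    NS_RESEARCH,
    NS_DASHBOARD,
    NS_TEMPLATE, // core constant, ID 10
    106,         // Form namespace ID as listed on this page
];
foreach ( $readableByUsers as $ns ) {
    $wgNamespacePermissionLockdown[$ns]['read'] = [ 'user', 'sysop' ];
}
```

After a change like this, log in with the non-admin "Fellow" test account and confirm that a Dashboard page renders while a `Category:` or `File:` page is refused.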

3. Page Forms & Cargo Interaction

The Dashboard utilizes `Template:EntityRow` for layout and queries the Cargo database.

  • Note: If researchers can see the Dashboard but not the data results, ensure the Cargo-specific namespaces are also allowed.
  • Editing: The `edit` permission is granted globally to the `user` group, but restricted by namespace via Lockdown.

4. Default System Accounts

  • MediaWiki default: Internal system user. No password; no login allowed. Safe.
  • Admin/Sysop: Full credentials required.

Successor Notes

  • Adding Entities: When creating a new Research Entity, ensure the associated Template and Form are placed in the permitted namespaces.
  • Testing Access: Always test new Dashboard sections with a non-admin "Fellow" account to ensure no "Permission Denied" errors occur during template transclusion.


Strategy: Forbidden by Default

To prevent "clutter" and spying, the wiki uses a Negative Lockdown model. Users are explicitly denied access to all default MediaWiki namespaces.

Configuration Implementation

1. Namespace Stealth

The following namespaces are hidden from the Search bar and 'All Pages' list for standard members to prevent them from seeing technical infrastructure:

  • ICT (ID: 3000)
  • Template (ID: 10)
  • Form (ID: 106)

2. Functional Access

Members are restricted to the following functional "Safe Zones":

  • Dashboard: Entry point for all research.
  • Research: The data repository.

3. Maintenance Logic

Standard users (`group: user`) have had their global `['read']` permission revoked in LocalSettings.php. They only "see" what is explicitly whitelisted via the Lockdown extension.

Successor Warning

If a researcher reports a "Broken Template" error (e.g., seeing raw {{...}} code), it usually means a new Template was created in a namespace that isn't yet whitelisted for the `user` group.