MediaWiki: Difference between revisions

Latest revision as of 11:32, 12 March 2013

Secure Login

mediawiki sends plain-text passwords over the network by default. Use the following extension to enable SSL for the login page.

Extract the SecureLoginPage.tar.gz file into the /var/lib/mediawiki/extensions directory, then insert the following into your /etc/mediawiki/LocalSettings.php file:

require_once("$IP/extensions/SecureLoginPage/SecureLoginPage.php");

MediaWiki sets the "secure" flag on the session cookies by default ($wgCookieSecure == 1). This prevents the browser from supplying the login cookie unless viewing the page over SSL. The /var/lib/mediawiki/extensions/SecureLoginPage/SecureLoginPage_body.php script must be modified to prevent redirecting non-login wiki pages back to HTTP from HTTPS. Modify the "otherPage" function as follows:

function otherPage($out) {
    return true;
}

_Note:_ An SSL-enabled VirtualHost is required in your Apache config.

Original code obtained from the code examples of the book MediaWiki by Daniel J. Barrett.

MediaWiki: Difference between revisions

Latest revision as of 11:32, 12 March 2013

Secure Login

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools

@@ Line 6: / Line 6: @@
   require_once("$IP/extensions/SecureLoginPage/SecureLoginPage.php");
+MediaWiki sets the "secure" flag on the session cookies by default ($wgCookieSecure == 1). This prevents the browser from supplying the login cookie unless viewing the page over SSL.  The /var/lib/mediawiki/extensions/SecureLoginPage/SecureLoginPage_body.php script must be modified to prevent redirecting non-login wiki pages back to HTTP from HTTPS. Modify the "otherPage" function as follows:
+ function otherPage($out) {
+     return true;
+ }
 _Note:_ An [[SSL]]-enabled VirtualHost is required in your Apache config.
 Original code obtained from the code examples of the book [http://www.oreilly.com/catalog/9780596519681/  MediaWiki] by Daniel J. Barrett.