MediaWiki

From code/src wiki
Revision as of 21:32, 12 March 2013 by Michael (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Secure Login

mediawiki sends plain-text passwords over the network by default. Use the following extension to enable SSL for the login page.

Extract the SecureLoginPage.tar.gz file into the /var/lib/mediawiki/extensions directory, then insert the following into your /etc/mediawiki/LocalSettings.php file:

require_once("$IP/extensions/SecureLoginPage/SecureLoginPage.php");

MediaWiki sets the "secure" flag on the session cookies by default ($wgCookieSecure == 1). This prevents the browser from supplying the login cookie unless viewing the page over SSL. The /var/lib/mediawiki/extensions/SecureLoginPage/SecureLoginPage_body.php script must be modified to prevent redirecting non-login wiki pages back to HTTP from HTTPS. Modify the "otherPage" function as follows:

function otherPage($out) {
    return true;
}

_Note:_ An SSL-enabled VirtualHost is required in your Apache config.

Original code obtained from the code examples of the book MediaWiki by Daniel J. Barrett.

Personal tools