MediaWiki

From code/src wiki
Revision as of 11:32, 12 March 2013 by Michael (talk | contribs) (→‎Secure Login)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Secure Login

mediawiki sends plain-text passwords over the network by default. Use the following extension to enable SSL for the login page.

Extract the SecureLoginPage.tar.gz file into the /var/lib/mediawiki/extensions directory, then insert the following into your /etc/mediawiki/LocalSettings.php file:

require_once("$IP/extensions/SecureLoginPage/SecureLoginPage.php");

MediaWiki sets the "secure" flag on the session cookies by default ($wgCookieSecure == 1). This prevents the browser from supplying the login cookie unless viewing the page over SSL. The /var/lib/mediawiki/extensions/SecureLoginPage/SecureLoginPage_body.php script must be modified to prevent redirecting non-login wiki pages back to HTTP from HTTPS. Modify the "otherPage" function as follows:

function otherPage($out) {
    return true;
}

_Note:_ An SSL-enabled VirtualHost is required in your Apache config.

Original code obtained from the code examples of the book MediaWiki by Daniel J. Barrett.