SecureFileStore

Revision as of 15:04, 14 November 2017 by Angelika (talk | contribs) (Changed categories.)

Extension: SecureFileStore


Overview
Description: Solves a general security vulnerability of MediaWikis.
State: stable Dependency: MediaWiki, BlueSpice
Developer: HalloWelt License: -
Type: BlueSpice Category: -
Edition: BlueSpicePro"BlueSpicePro" is not in the list (BlueSpice pro, BlueSpice free, BlueSpice Farm, BlueSpice Cloud, BlueSpice free (deactivated), BlueSpice pro (deactivated), BlueSpice Farm (deactivated), BlueSpice Cloud (deactivated)) of allowed values for the "BSExtensionInfoEdition" property.

Features


SecureFileStore (prev. SecureImages) solves a general security vulnerability of MediaWikis. Up to now pictures and documents could be found with search engines like google, even then the wiki-sites were protected by user permissions.

Especially in a business environment it is important that uploaded data is only accessible for authorized users. Pictures and documents should be visible for registered users.

Technical Background

When the SecureFileStore-Extension is active, then the pictures and documents are only shown when the appropriate authorization is met. If not, then there will be an error code “403 Forbidden”. Additionally the webserver administrator has to ban the HTTP-access to the MediaWiki-upload-directory.

Where can I find the function SecureFileStore?

Functions of SecureFileStore

Preferences

The Wiki-Admin can use following preferences:

  • DefaultDisposition: String which determinates whether data will be shown in the browser by default (Inline) or if it has to be opened with an external program (Attachment).
  • DispositionInline: Combobox with multiple selections; list of file extensions for files which are allowed to be accessed in the browser but are not at disposal of download (Inline).
  • DispositionAttachment: Combobox with multiple selectors; list of file extensions for files, which are only accessible from external programs (Attachment).
  • FileExtensionWhitelist: Combobox with multiple selectors; list of file extensions for files which should be displayed, regardless of the permissions.

Attachments

Discussions