SecureFileStore
-
- Last edited 7 years ago by WikiSysop
-
-
- This page is expired
SecureFileStore (prev. SecureImages) solves a general security vulnerability of MediaWikis. Up to now pictures and documents could be found with search engines like google, even then the wiki-sites were protected by user permissions.
Especially in a business environment it is important that uploaded data is only accessible for authorized users. Pictures and documents should be visible for registered users.
Contents
Technical Background
When the SecureFileStore-Extension is active, then the pictures and documents are only shown when the appropriate authorization is met. If not, then there will be an error code “403 Forbidden”. Additionally the webserver administrator has to ban the HTTP-access to the MediaWiki-upload-directory.
Where can I find the function SecureFileStore?
Functions of SecureFileStore
Preferences
The Wiki-Admin can use following preferences:
- DefaultDisposition: String which determinates whether data will be shown in the browser by default (Inline) or if it has to be opened with an external program (Attachment).
- DispositionInline: Combobox with multiple selections; list of file extensions for files which are allowed to be accessed in the browser but are not at disposal of download (Inline).
- DispositionAttachment: Combobox with multiple selectors; list of file extensions for files, which are only accessible from external programs (Attachment).
- FileExtensionWhitelist: Combobox with multiple selectors; list of file extensions for files which should be displayed, regardless of the permissions.