Difference between revisions of "Educaship MediaWiki"
Revision as of 18:25, 21 April 2023
CNM MediaWiki (formerly known as CNM Wikiware; hereinafter, the Soft) is the CNM stable app that is based on MediaWiki, which is a commercial off-the-shelf (COTS) wiki engine. In addition, the Soft deploys CNM MariaDB as its database management system and CNM LDAP for its authentication and authorization.
The Soft is configured to power CNM Wiki, WikiHandsOn, or WikiNext, which are both CNMCyber services and parts of CNM Cloud.
Challenges
Guys, we are looking
LDAP integration
- Identity and access management. For a few years, the stable version of the Soft has not been updated because newer versions conflict with CNM LDAP. Currently, the Soft uses an outdated version of MediaWiki, 1.26.4, because the extension used to connect to its OpenLDAP does not support newer versions. At one point, CNM Technology Board considered three options: (1) to find or create a new extension, (2) to find another way to connect without using the extension, or (3) to keep things as they are. At that time, the Board decided to keep things as they were since the current architecture was temporary. The Board believed that once a new private cloud based on OpenStack was launched in the fourth phase of CNM Cloud Project, its Keystone solution would be used for authentication and authorization. In addition, the Soft never contained any private information; all of its users' data was stored in Opplet.net. Later, the Board also considered migration to a WSO2 IS-based integration and wasn't sure whether LDAP would remain necessary. However, sometime in early 2023, even the historic LDAP integration stopped functioning properly, possibly because of outdated PHP support.
File repository
- Software repository:
- Currently, the Soft itself is used as the repository; no federated repository is available. Because CNM Cloud includes a few end-user applications, there is an idea to create one under the Warehouse for CNM Cloud project. Similarly, Wikipedia utilizes Wikimedia Commons as its repository.
- In addition, a few problems with pictures occurred in the past. As of early 2023, no problems are observed, but the quantity of stored files is about to increase significantly.
- SVG file support is another issue in the Soft's development. The overwhelming majority of corporate files are in the SVG format, but, because the Soft doesn't support SVG, they need to be converted to PNG.
- CNMCyber has a dedicated email server; we wonder whether we can plug a Soft email client, which is currently unused, into that server.
SOP
- Currently, CNM Farms policies are used for archive, backup, monitoring, security, snapshot, and restoration; however, there could be tools useful specifically for the Soft that we are unaware of.
Guided tour
- We use the CNMCyber Guided Tours format and need someone to organize an event that would present the Soft.
Business functionality
Besides supporting CNM Wiki, the App serves as a practice tool in the learning that is delivered by Bracka School and related to knowledge management software.
System-user roles
- Opplet handles identity and access management for the App (including "create account" and "change other users' rights" functions). Thus, the system-user roles of the App's users are those Opplet roles that are specifically based on rights of groups granted by MediaWiki. The software-defined rights can be found at MediaWiki's list of groups.
Platform
- Main wikipage: CNM Farms
- CNM Farms shall provide the App with all resources that the App needs in order to run smoothly, including:
- PHP-language support;
- OpenLDAP that CNM Cloud uses for identity and access management; and
- MariaDB as the database management system.
- Particularly, the platform shall:
- Make sure that the App is available 99.99% of the time for any 24-hour period;
- Not store any confidential information, so that such information cannot be accessed by anyone.
Security
Vulnerability alerts
Extensions
- Extensions
- Sendmail is required in order for the system to be able to send e-mails.
- Shell access is required to run maintenance scripts; upgrading MediaWiki may be more difficult without it.
File permissions
- Main wikipage: File permission
TLS
- Main wikipage: TLS
PHP
- Main wikipage: PHP security
- PHP security is needed for pretty much any PHP environment; it is not necessarily specific to the App.
LocalSettings.php usually contains sensitive data such as database logins. This data should never be revealed to the public! If there is a security breach somewhere on the server, other users may be able to view the contents of files. To better protect your data, set the UNIX permissions for this file accordingly. The webserver user must have access to this file. If the webserver user is also the owner of the file, you can set permissions to 600. Sometimes the webserver user is not the file owner but is in the owner's UNIX user group. In this case, permissions of 640 should be fine. For improved security, narrow permissions down as far as possible.
Additionally, you can create a MySQL user that is restricted to only the database used by the wiki and provide this user's credentials in LocalSettings.php. You can also configure your database server to accept connections only from localhost; this should prevent access from outside in case of leaked credentials.
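The 600/640 guidance for LocalSettings.php above can be checked with a short script. This is an added example, not part of the original page or of MediaWiki; the function name audit_localsettings is hypothetical and the script assumes GNU coreutils stat.

```shell
#!/usr/bin/env bash
# Added example: audit LocalSettings.php against the 600/640 guidance.
# Assumes GNU coreutils `stat -c`; audit_localsettings is a hypothetical name.
# Return codes: 0 = mode acceptable, 1 = mode wrong, 2 = cannot evaluate.
audit_localsettings() {
  local file=$1 webuser=$2 web_uid file_uid file_gid mode max need
  [ -f "$file" ] || { echo "cannot evaluate: $file not found"; return 2; }
  web_uid=$(id -u "$webuser" 2>/dev/null) ||
    { echo "cannot evaluate: unknown user $webuser"; return 2; }
  file_uid=$(stat -c '%u' "$file")
  file_gid=$(stat -c '%g' "$file")
  mode=$(stat -c '%a' "$file")

  if [ "$web_uid" = "$file_uid" ]; then
    max=600 need=400        # webserver user owns the file
  elif id -G "$webuser" | tr ' ' '\n' | grep -qx "$file_gid"; then
    max=640 need=040        # webserver user is in the file's group
  else
    echo "cannot evaluate: $webuser is neither owner nor in the file's group"
    return 2
  fi

  # Leading 0 makes bash arithmetic read the values as octal.
  if [ $(( 0$mode & ~0$max & 07777 )) -ne 0 ]; then
    echo "FAIL: $file is $mode, expected at most $max"
    return 1
  fi
  if [ $(( 0$mode & 0$need )) -eq 0 ]; then
    echo "FAIL: $file is $mode, $webuser cannot read it"
    return 1
  fi
  echo "OK: $file is $mode (limit $max)"
}

# Usage: ./audit.sh /path/to/LocalSettings.php <webserver-user>
if [ "$#" -eq 2 ]; then
  audit_localsettings "$1" "$2"
fi
```

Modes narrower than the limit (for example 400 when the webserver user owns the file) pass, in line with the advice to narrow permissions as far as possible.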
MariaDB
Maintenance scripts
Upload security
- Main wikipage: Upload security
Upload permissions
- By default, all registered users can upload files. To restrict this, you have to change $wgGroupPermissions:
- To prevent normal users from uploading files: $wgGroupPermissions['user']['upload'] = false;
- To create a special group called "uploadaccess", and allow members of that group to upload files: $wgGroupPermissions['uploadaccess']['upload'] = true;
See also
Development
- Development of the Soft occurs under the MediaWiki for CNM Cloud project.
Related lectures
Errors
Symfony\Component\Ldap\Entry Object ( [dn:Symfony\Component\Ldap\Entry:private] => cn=natly0909_rou=applet,dc=career prize,dc=com [attributes:Symfony\Component\Ldap\Entry:private] => Array ( [uid] => Array ([0] => natly0909_r ) [0] => Array ( [0] => Zina ) [I] => Array ( [0] => Sinih ) [gecos] => Array [0] natly0909_r@gmail.com )))