Difference between revisions of "Educaship MediaWiki"

From CNM Wiki
Jump to: navigation, search
(SOP)
(Mail)
Line 10: Line 10:
 
: '''[[Software repository]]'''. Currently, the ''Soft'' itself is used as the repository; no federated repository is available. Because [[CNM Cloud]] includes a few [[end-user application]]s, there is an idea to create one under the [[Warehouse for CNM Cloud]] project. Similarly, [[Wikipedia]] utilizes [[Wikimedia Commons]] as its repository. In addition, a few problems with pictures occurred in the past. As of early 2023, no problems are observed, but the quantity of stored files are about to increase significantly. [[SVG]] file support is another issue in this group. The overwhelming majority of corporate files are in the [[SVG]] format, but, because the ''Soft'' doesn't support SVG, they need to be converted in the [[PNG]] one.  
 
: '''[[Software repository]]'''. Currently, the ''Soft'' itself is used as the repository; no federated repository is available. Because [[CNM Cloud]] includes a few [[end-user application]]s, there is an idea to create one under the [[Warehouse for CNM Cloud]] project. Similarly, [[Wikipedia]] utilizes [[Wikimedia Commons]] as its repository. In addition, a few problems with pictures occurred in the past. As of early 2023, no problems are observed, but the quantity of stored files are about to increase significantly. [[SVG]] file support is another issue in this group. The overwhelming majority of corporate files are in the [[SVG]] format, but, because the ''Soft'' doesn't support SVG, they need to be converted in the [[PNG]] one.  
 
===Mail===
 
===Mail===
 +
: [[CNMCyber]] has a dedicated email server; we wonder whether we can plug a ''Soft'' email client, which is currently unused, into that server.
 +
 
===SOP===
 
===SOP===
 
: Backup, monitoring, security, snapshot, and restoration policies, archive.
 
: Backup, monitoring, security, snapshot, and restoration policies, archive.

Revision as of 16:19, 21 April 2023

CNM MediaWiki (formerly known as CNM Wikiware; hereinafter, the Soft) is the CNM stable app that is based on MediaWiki, which is a commercial off-the-shelf (COTS) wiki engine. In addition, the Soft deploys CNM MariaDB as its database management system and CNM LDAP for its authentication and authorization.

The Soft is configured to power CNM Wiki, WikiHandsOn, or WikiNext, which are both CNMCyber services and parts of CNM Cloud.


Challenges

LDAP integration

Identity and access management. For a few years, the stable version of the Soft has not been updated due to new versions' conflict with CNM LDAP. Currently, the Soft uses an outdated, 1.26.4 version of MediaWiki, because the extension used to connect to its OpenLDAP does not support newer versions. At some period of time, CNM Technology Board considered three options: (1) to find or create a new extension, (2) to find another way to connect without using the extension, or (3) keep things as they are. At that time, the Board decided to keep things as they were since the current architecture was temporary. The Board believed that when a new private cloud based on OpenStack would be launched in the fourth phase of CNM Cloud Project, its Keystone solution would be used for authentications and authorizations. Plus, the Soft never contained any private information; all of its users' data was stored in Opplet.net. Later, the Board also considered migration to the WSO2 IS-based integration and wasn't sure whether LDAP would remain necessary. However, some when in early 2023, the even historic LDAP integration stopped functioning properly, possibly, because of outdated PHP-support.

File repository

Software repository. Currently, the Soft itself is used as the repository; no federated repository is available. Because CNM Cloud includes a few end-user applications, there is an idea to create one under the Warehouse for CNM Cloud project. Similarly, Wikipedia utilizes Wikimedia Commons as its repository. In addition, a few problems with pictures occurred in the past. As of early 2023, no problems are observed, but the quantity of stored files are about to increase significantly. SVG file support is another issue in this group. The overwhelming majority of corporate files are in the SVG format, but, because the Soft doesn't support SVG, they need to be converted in the PNG one.

Mail

CNMCyber has a dedicated email server; we wonder whether we can plug a Soft email client, which is currently unused, into that server.

SOP

Backup, monitoring, security, snapshot, and restoration policies, archive.

Guided tour

Business functionality

Besides supporting CNM Wiki, the App serves as a practice tool in the learning that is delivered by Bracka School and related to knowledge management software.

System-user roles

Opplet handles identity and access management for the App (including "create account" and "change other users' rights" functions). Thus, the system-user roles of the App's users are those Opplet roles that are specifically based on rights of groups granted by MediaWiki. The software-defined rights can be found at MediaWiki's list of groups.

Platform

Main wikipage: CNM Farms
CNM Farms shall provide the App with all resources that the App needs in order to run smoothly, including:
Particularly, the platform shall:
  1. Make sure that the App is available 99.99% of the time for any 24-hour period;
  2. Doesn't store any confidential information, so such information cannot be accessed by anyone.

Security

Vulnerability alerts

Extensions

  • Extensions
  • Sendmail is required in order for the system to be able to send e-mails.
  • Shell access is required to run maintenance scripts; upgrading MediaWiki may be more difficult without it.

File permissions

Main wikipage: File permission

TLS

Main wikipage: TLS

PHP

Main wikipage: PHP security
PHP security is needed for pretty much any PHP environment; it is not necessarily specific to the App.

LocalSettings.php usually contains sensitive data such as database logins. This data should never be revealed to the public! Due to a security breach somewhere on the server, it might happen that other users are able to view the contents of files. In order to improve security of your data, you should set UNIX permissions for this file accordingly: The webserver user must have access to this file. If this is the same account, who is the owner of the file, then you can set permissions to 600. Sometimes, the webserver user is not the file owner, but they are in the owner's UNIX user group. In this case, permissions of 640 should be fine. For improved security you should narrow permissions down as far as possible.

Additionally, you can create a MySQL user, who is restricted to only the database used by the wiki and provide this user's credentials in LocalSettings.php. Also you can configure your database server to only accept connections from localhost - this should prevent access from outside in case of leaked credentials.

MariaDB

Maintenance scripts

Upload security

Main wikipage: Upload_security

   Upload permissions
   Per default, all registered users can upload files. To restrict this, you have to change $wgGroupPermissions:
   To prevent normal users from uploading files:
   $wgGroupPermissions['user']['upload'] = false;
   To create a special group called "uploadaccess", and allow members of that group to upload files:
   $wgGroupPermissions['uploadaccess']['upload'] = true;

See also

Development

Development of the Soft occurs under the MediaWiki for CNM Cloud project.

Related lectures

Errors

Error wiki.png



Symfony\Component\Ldap\Entry Object ( [dn:Symfony\Component\Ldap\Entry:private] => cn=natly0909_rou=applet,dc=career prize,dc=com
[attributes:Symfony\Component\Ldap\Entry:private] => Array ( [uid] => Array ([0] => natly0909_r ) [0] => Array ( [0] => Zina ) [I] => Array ( [0] => Sinih ) [gecos] => Array
[0] natly0909_r@gmail.com )))
[[Category:CNM COTS products]][[Category: CNM Cyber Orientation]][[Category: Articles]]