Difference between revisions of "Educaship MediaWiki"

From CNM Wiki
Jump to: navigation, search
(MediaWiki)
(Software to be evaluated)
Line 135: Line 135:
 
#*Mailing lists
 
#*Mailing lists
 
#*Chat Channel
 
#*Chat Channel
 
===Software to be evaluated===
 
:#[[BlueSpice MediaWiki]].
 
:#[[Tiki Wiki CMS Groupware]].
 
:#[[Wiki.js]].
 
:#[[XWiki]].
 
  
 
==Acceptance criteria==
 
==Acceptance criteria==

Revision as of 22:30, 15 April 2023

CNM MediaWiki (formerly known as CNM Wikiware; hereinafter, the Soft) is the CNM stable app that is based on MediaWiki, which is a commercial off-the-shelf (COTS) wiki engine. In addition, the Soft deploys CNM MariaDB as its database management system and CNM LDAP for its authentication and authorization.

There are two major challenges that need to be addressed:

  1. Identity and access management. For a few years, the stable version of the Soft has not been updated due to new versions' conflict with CNM LDAP. At some period of time, CNM Technology Board considered migration WSO2 IS and wasn't sure whether LDAP would remain necessary.
  2. Software repository. Currently, the Soft itself is used as the repository; no federated repository is available. Because CNM Cloud includes a few end-user applications, there is an idea to create one under the Warehouse for CNM Cloud project. Similarly, Wikipedia utilizes Wikimedia Commons as its repository. In addition, a few problems with pictures occurred in the past. As of early 2023, no problems are observed, but the quantity of stored files are about to increase significantly.

The Soft is configured to power CNM Wiki, WikiHandsOn, or WikiNext, which are both CNMCyber services and parts of CNM Cloud.


Business functionality

Besides supporting CNM Wiki, the App serves as a practice tool in the learning that is delivered by Bracka School and related to knowledge management software.

System-user roles

Opplet handles identity and access management for the App (including "create account" and "change other users' rights" functions). Thus, the system-user roles of the App's users are those Opplet roles that are specifically based on rights of groups granted by MediaWiki. The software-defined rights can be found at MediaWiki's list of groups.

Architecture

The App is a MediaWiki instance that is run on CNM Farms.

Platform

Main wikipage: CNM Farms
CNM Farms shall provide the App with all resources that the App needs in order to run smoothly, including:
Particularly, the platform shall:
  1. Make sure that the App is available 99.99% of the time for any 24-hour period;
  2. Doesn't store any confidential information, so such information cannot be accessed by anyone.

Postponed upgrades

Currently, the App uses an outdated, 1.26.4 version of MediaWiki, because the extension used to connect to its OpenLDAP does not support newer versions. There are three choices to follow: (1) to find or create a new extension, (2) find another way to connect without using the extension, or (3) keep things as they are.
The team decided to keep things as they are since the current architecture is temporary. When a new private cloud based on OpenStack is launched in the fourth phase of CNM Cloud Project, its Keystone solution will be used for authentications. Plus, the App is going to contain no private information; all of its users' data is stored in Opplet.net.

Security

Vulnerability alerts

Extensions

  • Extensions
  • Sendmail is required in order for the system to be able to send e-mails.
  • Shell access is required to run maintenance scripts; upgrading MediaWiki may be more difficult without it.

File permissions

Main wikipage: File permission

TLS

Main wikipage: TLS

PHP

Main wikipage: PHP security
PHP security is needed for pretty much any PHP environment; it is not necessarily specific to the App.

LocalSettings.php usually contains sensitive data such as database logins. This data should never be revealed to the public! Due to a security breach somewhere on the server, it might happen that other users are able to view the contents of files. In order to improve security of your data, you should set UNIX permissions for this file accordingly: The webserver user must have access to this file. If this is the same account, who is the owner of the file, then you can set permissions to 600. Sometimes, the webserver user is not the file owner, but they are in the owner's UNIX user group. In this case, permissions of 640 should be fine. For improved security you should narrow permissions down as far as possible.

Additionally, you can create a MySQL user, who is restricted to only the database used by the wiki and provide this user's credentials in LocalSettings.php. Also you can configure your database server to only accept connections from localhost - this should prevent access from outside in case of leaked credentials.

MariaDB

Maintenance scripts

Upload security

Main wikipage: Upload_security

   Upload permissions
   Per default, all registered users can upload files. To restrict this, you have to change $wgGroupPermissions:
   To prevent normal users from uploading files:
   $wgGroupPermissions['user']['upload'] = false;
   To create a special group called "uploadaccess", and allow members of that group to upload files:
   $wgGroupPermissions['uploadaccess']['upload'] = true;

Evaluation criteria

Functional

  1. Mobile client support
  2. Content structuring:
    • Automatic updating of links to other pages when moved
    • effort required to create a comprehensive structure
    • classifying content into subject categories
    • HTML Tags
  3. Ease of use
    • Finding content
    • Navigating up and down, back and forth
    • Commenting: Discussion Pages or Threaded?
  4. Ease of content creation
    • WYSIWYG editor
    • Quoting
    • Image Editing
    • SVG Editing
  5. Ease of collaborative participation
    • Concurrent editing
  6. Content Management – Version tracking
  7. Modularity of installed components – Do they all have to be installed? If not, can they be installed at anytime?
  8. Additional functionality
    • Full text search
    • Blogs/Forums
    • Email Notification
    • Calendar
    • Structured data
    • Structured data trackers, analysis and report tools
    • RSS Syndication
    • File Galleries
    • Articles
    • FAQs
    • Quizzes
    • Featured links
    • Slideshow
    • Messages
    • Chat
    • Newsletters
    • Shoutbox
  9. Dynamic Content
  10. Automatic Table of Contents
  11. Create links easily with other wikis
  12. Content Template

Non-functional

  1. Security
    • LDAP use built in or through plug-in
    • Back-end Authentication Methods Supported, e.g., OpenID, Active Directory, LDAP, Shibboleth, CAS, IMAP
    • ACL Support
    • User and Group Management granularity
    • Email encryption
  2. Wiki Release schedule
  3. Size of development community
  4. Extensible programming language
  5. Plug-in availability
    • Internal
    • External
  6. Import
    • From Media-wiki
    • From other sources
  7. Export to various formats
  8. Data store
  9. Programming languages supported
  10. Support
    • Forums
    • Mailing lists
    • Chat Channel

Acceptance criteria

Vulnerability

# Feature Acceptance test Responsible
W001 PHP security Vendor for CNM Farms
W002 TLS The App vendor

Navigation

  1. URL
  2. URL for Russian speakers
  3. Logo
  4. CNM Wiki name

Editing alerts

Uploads

  1. SVG

Backup restoration

See also

Development

Development of the Soft occurs under the MediaWiki for CNM Cloud project.

Related lectures