I have some pages which I want to restrict access to specific users, i.e, I want user A and user B only to view this page. How can this be done? Do I need additional extensions or it can be done through LocalSettings.php for example?
You could try this extension: Extension:AccessControl. I've not deployed it to my wiki sites, but a quick read of the pages suggests it might be what you're looking for.
Note though that as Tgr covered in the comments above, Mediawiki is not intended to operate like this, so the extension could be fundamentally flawed in its implementation. Practise due diligence if you try to deploy any 3rd party extensions. Alternatively, look into alternative CMSs that handle access control as a core feature.
I have taught myself HTML/CSS and some JavaScript as a hobby, and have reached the point where I am comfortable building a clean simple website. The company I work for (we do nothing related to coding) has a website that is quite outdated so naturally I saw this as an opportunity for my first live site. I approached my Managers at work to take a look at my first mock up and they loved it and want me to revamp our current site.
The one concern they have with me being a rookie is the issue of web security. Essentially they want to make sure that the website I build leaves no vulnerability for someone to hack through our server, start editing our website, etc.
There are no interactive components to the current website. I plan to build this website with only HTML and CSS, and perhaps add some JavaScript later down the road once I progress in my learning a bit more. There are no account logins or areas to enter personal information anywhere on the site.
My question comes down to this -- what can I do to ensure that the website I build is not leaving our company vulnerable? I have done a lot of searching around Stack Overflow and other websites but I am not confident I am finding the correct information.
Details that might make a difference:
Our company website is hosted through godaddy.com
Our website is currently on Wordpress, but I will probably not use Wordpress for the new website
I greatly appreciate all of your help!
since there should be no direct interacting with the server ex PHP and AJAX only HTML CSS and js there should be no security issue, as js and HTML can't edit/delete/read server files, only server-side programming can. eventually you may want to invest in PHP almost no website is complete without PHP or AJAX. take me for example, I used to use just HTML, CSS, and js. then I wanted to do more.. log form answers to a file, show different pages based on the query string. these things are virtually impossible in a HTML, CSS, and js only environment. I would also recommend atleast getting free protection from cloud flare.. they give free shared hosting wildcard SSL, and free DDOS protection, granted for a business you might want to invest a little more than free but free would be a good starting point
also you could pay someone to test the vulnerability of your company, take for example OurMine. a legal hacking group.. you pay them to test your security and they do just that. (they claim they don't log anything that they get) otherwise there might be vulnerabilities you may not be aware of
When you are concerning about just AJAX call, I would help you out for following suggestion regarding "Function access rule from AJAX".
By adding "_" as a prefix for Function name, we can prevent function to be called from The Web publicly. This is the best practice when we need some specific function to be accessed via AJAX only.
Kindly, refer my answer given in other question.
[Website Security: How to learn?
I'm looking for web applications that users can use without registration, just by visiting the site, and make you register later after you spent some time.
Any good examples?
Stack Overflow; question an answer sites.
Google News; blogs and newsfeeds.
Apple's iTunes Store, Amazon; anything where you have a shopping cart.
:-)
There's this site called StackOverflow.com
Sometimes when you are looking for example sites that you've seen in the past, it is just to increase your own confidence that you are doing it right. If you have a good idea of the advantages of this style of progressive registration, why not take a moment to write down & plan out how it should work for your site?
Edit content without registration (but create a pseudo-account using IP address):
wikipedia
Register with your email address, optionally password protect your account later:
http://www.instapaper.com/
Registration as a side effect of paying for a product
Amazon (if I remember correctly)
I am thinking of developing a blog application. I understand that this has already been done many times. But i like do for learning purpose.
I like to know for this kind of blog application.
What are the desired features to develop?
Some interesting features that you may want to implement are (in no particular order):
WYSIWYG editor (use one of the available like TinyMCE) for writing the posts. This is interesting for the sanitisation of input (you may/may not want your posters to be able to use certain HTML tags for instance).
upload system for images/files that you want to include in posts
support of comments with possibility of moderation
voting system for the posts
"share me" system (note in Google Reader, share on FaceBook, StumbleUpon etc etc.) (but note this :D :D)
support of tags
automatic suggestion of tags depending on the post text/title
support for multiple users with different privileges. For instance you may have various types of users (admins, posters, guests) with different privileges: admins can modify all the posts, posters only their own posts, guest can only read. Other things may include different maximum upload size for the images etc etc
implementation of linkbacks (trackbacks / pingbacks / refbacks)
I guess this is already plenty of work! Enjoy!!!
First, see the blog-in-15-minutes screencast in Ruby on Rails. This shows you the basic components and features and how to implement them, even if you do not want to use Rails.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
Say I had an open-source project which I wanted to try and generate some exposure for. Would it be considered unethical to set up a project entry for it on several sites such at github, sourceforge and google code, for example?
This would be purely for giving it greater exposure. I realise there might be some practical reasons for doing this, such as wanting to use github for source control, and sourceforge for issue tracking, forums and such. For the sake if this question I'm wanting to focus more on the case where you use one of the sites as the main site for the project, and make "stub" projects on the other sites that point back to the main site.
My gut feeling is that while it may not be outrightly unethical, it might be bordering on the sleezy side...
Stick with one provider. "If you build it, they will come" :)
Besides, once people do start coming, they'll just google the project name anyway. Finding the same project on Sourceforge, Github and Google Code is just going to annoy the hell out of people.
I don't know about the ethics, but consider the practicalities:
you will have to do multiple repeated
uploads to several different sites,
doing it to a single site can be a
pain
users won't know which site to report
bugs at
if you use the SVN/CVS/git
repositories, you will have multiple
copies of your code in different
repositories - a very bad idea
I'm sure there are other problems. So stick to one site - I've been using Google Code for a small project I've just started (CSVfix, if anyone is interesed) and I can recommend Google as being very easy to set up.
I think this is fine, for the reason that each provider may have something you want. You should pick the services that are best for your project. For example:
Google code has file hosting, but the issue management is terrible, so
Launchpad has great bug tracking, but no wiki, and we use Mercurial, so
Bitbucket.org has mercurial hosting etc..
So it might be reasonable to use Launchpad for bug tracking, and Google code for hosting files and wiki, and Bitbucket.org for hosting source.
I would suggest choose your preferred host for your project. You can publish about your project on many forums. Exposure will come via search engines.
I don't know why you think it would be unethical or sleezy. Maybe you can say more about that so people could address your concerns directly. To measure that, consider if you are intentionally breaking the rules of the service, lying to anyone about how you are using the service, and being deceptive in some other way. If you are using multiple services, I don't think you have anything to hide.
Consider the Perl community, which is the one I deal with. Several projects are hosted on one of the source control services, such as SourceForge, Google Code, or Github. The main distribution for most Perl stuff is CPAN, though. Other people may distribute through Freshmeat or some other service. The main issue tracker comes from Best Practical, which hosts a free RT for every Perl module on CPAN. Most of the people I know use the best from more than one service. Indeed, the Web 2.0 way is to create applications by cobbling together services from multiple vendors. :)
You should also think about the social construction of these free sites. Places like SourceForge and Github give out free accounts, but they also sell services. They get the buzz through the free stuff that allows them to sell the premium services. I don't see anything wrong with that. If you're using the free services, just realize that in return for your free use, they get to use you as free tester, advertiser, and so on. Again, I don't see anything wrong with that. It's just part of the deal. You aren't just taking from them, you are also giving to them. There's an exchange between consenting parties.
What would be unethical, I think, is any service that forbids you to use another service or intentionally sets up a situation which would make it hard for you to use another service by not being compatible with common tools or not giving you access to your data (e.g. somehow disallowing git-svn, and so on).
Services spanning these various hosts will be inconvenient and difficult to maintain. For the above mentioned reliance on search engines to generate traffic take care to chose a name that differentiates your project from the web noise. A clear indication that traffic will not arrive is if your project first gets a re-recommendation on spelling. Take for example the people who brought you the chattr project from GNU. Immediately chatr is suggested as the proper search and your traffic will suffer accordingly.
as i has already been said having to maintain the code on several hosts will make it more trouble then it is worth. What you have to think is you would need to make sure that it uploads properly over several hosts, it would more then likely cause confusion to some over if one copy is legit and the others aren't which in turn could cause a bad name for the project before you even start.
End of the day there are much more, better ways to spread the word of your project, social networking sites, specific related forums are two main ones for you to consider, either way you would be better off spending your time posting to several sites then you would uploading and maintaining code on several sites.
I consider having several (independent) mirrors to be a benefit for the community, because such distributedness assures more reliable accessibility of your public work, now and in future (it will survive the failure of any single hosting site).
That's why I want to keep track of the available diffeent options to publicly host open-source projects:
Which public hosting sites for darcs projects are there?
Which public Git hosting sites are there that are free software?
I believe it's rather ethical (or moral) to put some effort into ensuring that your public work is published in the most accessible way (well documented, and with some guarantees about it being accessible at any moment when someone is interested).
The effort for you to push your work to several places independently (I mean, they won't depend on each other) and manage all this is probably not really a nightmare (as suggested in some other answers here), especially with a DVCS. For example, one can even set up Git so that one pushes to several places with just one command.
I feel that unless you are forcing someone to read something done by you, but you are rather just putting your stuff somewhere for it to be findable and accessible if someone is interested, you are not egoistic or ego-whatever.