Page MenuHomePhabricator

Security review of Extension:Lockdown
Closed, DeclinedPublic


  • Review the extension for code safety
  • Review features for effectiveness with core permissions

Event Timeline

csteipp raised the priority of this task from to Needs Triage.
csteipp updated the task description. (Show Details)
csteipp added a subscriber: csteipp.
Bawolff changed the task status from Open to Stalled.Jun 21 2016, 3:50 PM
Bawolff added a subscriber: Bawolff.

marking stalled, pending how discussion goes on T95954 since we might not want to install this extension after all.

No response on the other bug. Marking declined. Please feel free to reopen when/if this needs a security review for deployment

Overall, I would prefer to have wikis be either all private or all public. If we need partial readability, I would prefer simple solutions like whitelists. MediaWiki is a complex application that overall is not designed for fine grained access controls, so having fine grained access controls implemented in extensions increases the risk of information disclosure significantly.