If we plan to rely on elevated security more, it needs to be documented better. The hook and configuration variables have reasonably informative documentation pages ($wgReauthenticateTime, $wgAllowSecuritySensitiveOperationIfCannotReauthenticate, SecuritySensitiveOperationStatus) which is good for wiki admins but not for users or developers needing a quick overview of the concept. There should be a help page and a manual page.
Description
Description
Related Objects
Related Objects
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Open | None | T197160 All security-sensitive MediaWiki functionality should require elevated security | |||
Open | None | T197130 Document MediaWiki elevated security feature |
Event Timeline
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 13 2018, 3:37 PM2018-06-13 15:37:39 (UTC+0)
• Vvjjkkii renamed this task from Document MediaWiki elevated security feature to h3aaaaaaaa.Jul 1 2018, 1:04 AM2018-07-01 01:04:34 (UTC+0)
Ankry renamed this task from h3aaaaaaaa to Document MediaWiki elevated security feature.Jul 1 2018, 4:32 PM2018-07-01 16:32:27 (UTC+0)
• srodlund moved this task from Backlog to New Technical Documentation Request on the Documentation board.Aug 16 2018, 5:59 PM2018-08-16 17:59:58 (UTC+0)