Difference between revisions of "What to Protect"
imported>Admin m (5 revisions imported) |
|||
| (27 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
=Data Protection= | =Data Protection= | ||
Matomo insert a JavaScript program in pages to be tracked, in many browsers, there will be cases that this JavaScript tracking feature will be disabled. Please see the page on [[Why Matomo doesn't show page statistics]]. | |||
Prof. Susskind's website: http://urbancyberdefense.mit.edu | |||
==Matomo Login== | |||
When setting up Matomo, in case you cannot find the administrator username and password, you can try to read the following page:[https://matomo.org/faq/how-to/faq_191/ HOW DO I CHANGE THE SUPER USER’S PASSWORD When Password Recovery Emails are not sent?] | |||
==Matomo Data Analytics== | |||
[https://matomo.org Matomo.org] provides an open sourced solution to capture user statistics on websites. For MediaWiki, the administrator needs to put the following PHP code snippet to the end of LocalSettings.php. Adding JavaScript code snippet to all MediaWiki pages can refer to StackOverflow's solution<ref>https://stackoverflow.com/questions/25907743/how-to-add-external-script-to-head-section-for-all-mediawiki-pages</ref>: | |||
<syntaxhighlight lang=PHP> | |||
$wgHooks['BeforePageDisplay'][] = function( OutputPage &$out, Skin &$skin ) { | |||
$code = <<<HTML | |||
<!-- Matomo --> | |||
<script type="text/javascript"> | |||
var _paq = window._paq = window._paq || []; | |||
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */ | |||
_paq.push(['trackPageView']); | |||
_paq.push(['enableLinkTracking']); | |||
(function() { | |||
var u="//localhost:8080/matomo/"; | |||
_paq.push(['setTrackerUrl', u+'matomo.php']); | |||
_paq.push(['setSiteId', '1']); | |||
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; | |||
g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); | |||
})(); | |||
</script> | |||
<!-- End Matomo Code --> | |||
HTML; | |||
$out->addHeadItem( 'gtag-insert', $code ); | |||
return true; | |||
}; | |||
</syntaxhighlight> | |||
=Page Content Security Policy= | |||
https://doc.wikimedia.org/mediawiki-core/master/php/classContentSecurityPolicy.html | |||
==Login mechanisms== | ==Login mechanisms== | ||
===MySQL=== | |||
For access to the local instance of MySQL, one can add the entrypoint statement to docker-compose.yml. The original reference can be found here<ref>https://gist.github.com/rordi/ab55c92848fd06884172ed22ae88d7df</ref>: | |||
<syntaxhighlight lang=YAML> | |||
version: '3' | |||
services: | |||
database: | |||
image: xlp0/mariadb | |||
restart: always | |||
entrypoint: mysqld_safe --skip-grant-tables --user=mysql | |||
environment: | |||
MYSQL_DATABASE: my_wiki | |||
MYSQL_USER: wikiuser | |||
MYSQL_PASSWORD: example | |||
MYSQL_RANDOM_ROOT_PASSWORD: 'yes' | |||
volumes: | |||
- ./mountPoint/mariadb:/var/lib/mysql | |||
</syntaxhighlight> | |||
===QRCode=== | |||
QRCode-based login is popular in the WeChat user community. Open Source QRCode log-in code base can be found here<ref>https://backendless.com/how-to-implement-mobile-to-web-cross-login-using-a-qr-code/</ref><ref>https://github.com/mebjas/html5-qrcode</ref><ref>https://github.com/gruhn/vue-qrcode-reader</ref>. | QRCode-based login is popular in the WeChat user community. Open Source QRCode log-in code base can be found here<ref>https://backendless.com/how-to-implement-mobile-to-web-cross-login-using-a-qr-code/</ref><ref>https://github.com/mebjas/html5-qrcode</ref><ref>https://github.com/gruhn/vue-qrcode-reader</ref>. | ||
| Line 9: | Line 68: | ||
===Nginx Reverse Proxy=== | ===Nginx Reverse Proxy=== | ||
A common practice to set up website is to use Nginx as a reverse proxy to direct web traffic through an encrypted channel, often called [[https]]. The following page on [[Nginx as Reverse Proxy]] shows how to do it. | A common practice to set up website is to use Nginx as a reverse proxy to direct web traffic through an encrypted channel, often called [[https]]. The following page on [[Nginx as Reverse Proxy]] shows how to do it. | ||
=License Protection= | |||
An article on how to set up licenses can be found here<ref>https://wiki.freephile.org/wiki/Licensing#Licensing_of_Wiki_content</ref>. | |||
To add [[MW:Manual:$wgFooterIcons|FooterIcons]] to MediaWiki, you may refer to this page<ref>https://how-to.fandom.com/wiki/How_to_customize_MediaWiki</ref>. | |||
=References= | =References= | ||
Latest revision as of 14:02, 8 June 2021
Data Protection
Matomo insert a JavaScript program in pages to be tracked, in many browsers, there will be cases that this JavaScript tracking feature will be disabled. Please see the page on Why Matomo doesn't show page statistics.
Prof. Susskind's website: http://urbancyberdefense.mit.edu
Matomo Login
When setting up Matomo, in case you cannot find the administrator username and password, you can try to read the following page:HOW DO I CHANGE THE SUPER USER’S PASSWORD When Password Recovery Emails are not sent?
Matomo Data Analytics
Matomo.org provides an open sourced solution to capture user statistics on websites. For MediaWiki, the administrator needs to put the following PHP code snippet to the end of LocalSettings.php. Adding JavaScript code snippet to all MediaWiki pages can refer to StackOverflow's solution[1]:
$wgHooks['BeforePageDisplay'][] = function( OutputPage &$out, Skin &$skin ) {
$code = <<<HTML
<!-- Matomo -->
<script type="text/javascript">
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//localhost:8080/matomo/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '1']);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script>
<!-- End Matomo Code -->
HTML;
$out->addHeadItem( 'gtag-insert', $code );
return true;
};
Page Content Security Policy
https://doc.wikimedia.org/mediawiki-core/master/php/classContentSecurityPolicy.html
Login mechanisms
MySQL
For access to the local instance of MySQL, one can add the entrypoint statement to docker-compose.yml. The original reference can be found here[2]:
version: '3'
services:
database:
image: xlp0/mariadb
restart: always
entrypoint: mysqld_safe --skip-grant-tables --user=mysql
environment:
MYSQL_DATABASE: my_wiki
MYSQL_USER: wikiuser
MYSQL_PASSWORD: example
MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
volumes:
- ./mountPoint/mariadb:/var/lib/mysql
QRCode
QRCode-based login is popular in the WeChat user community. Open Source QRCode log-in code base can be found here[3][4][5].
Network Protection
Encryption and authentication are some basic network-based security measures. A practical tool for network protection is Reverse Proxy Service.
Nginx Reverse Proxy
A common practice to set up website is to use Nginx as a reverse proxy to direct web traffic through an encrypted channel, often called https. The following page on Nginx as Reverse Proxy shows how to do it.
License Protection
An article on how to set up licenses can be found here[6].
To add FooterIcons to MediaWiki, you may refer to this page[7].
References
- ↑ https://stackoverflow.com/questions/25907743/how-to-add-external-script-to-head-section-for-all-mediawiki-pages
- ↑ https://gist.github.com/rordi/ab55c92848fd06884172ed22ae88d7df
- ↑ https://backendless.com/how-to-implement-mobile-to-web-cross-login-using-a-qr-code/
- ↑ https://github.com/mebjas/html5-qrcode
- ↑ https://github.com/gruhn/vue-qrcode-reader
- ↑ https://wiki.freephile.org/wiki/Licensing#Licensing_of_Wiki_content
- ↑ https://how-to.fandom.com/wiki/How_to_customize_MediaWiki