Difference between revisions of "What to Protect"

BenKoo>Benkoo
 
(30 intermediate revisions by 6 users not shown)
=Data Protection=
Matomo inserts a JavaScript program into the pages to be tracked. In many browsers, there will be cases where this JavaScript tracking feature is disabled. Please see the page on [[Why Matomo doesn't show page statistics]].
Prof. Susskind's website: http://urbancyberdefense.mit.edu
==Matomo Login==
When setting up Matomo, if you cannot find the administrator username and password, you can try reading the following page: [https://matomo.org/faq/how-to/faq_191/ HOW DO I CHANGE THE SUPER USER’S PASSWORD When Password Recovery Emails are not sent?]
==Matomo Data Analytics==
[https://matomo.org Matomo.org] provides an open-source solution for capturing user statistics on websites. For MediaWiki, the administrator needs to add the following PHP code snippet to the end of LocalSettings.php. For adding a JavaScript code snippet to all MediaWiki pages, refer to the Stack Overflow solution<ref>https://stackoverflow.com/questions/25907743/how-to-add-external-script-to-head-section-for-all-mediawiki-pages</ref>:
<syntaxhighlight lang=PHP>
$wgHooks['BeforePageDisplay'][] = function( OutputPage &$out, Skin &$skin ) {
    $code = <<<HTML
<!-- Matomo -->
<script type="text/javascript">
  var _paq = window._paq = window._paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
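    // Matomo base URL. "localhost" resolves on the visitor's own machine, so use the Matomo server's address for a deployed wiki.
    var u="//localhost:8080/matomo/";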
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '1']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<!-- End Matomo Code -->
HTML;
    // The first argument is only the unique key under which this head item is registered.
    $out->addHeadItem( 'gtag-insert', $code );
    return true;
};
</syntaxhighlight>
=Page Content Security Policy=
https://doc.wikimedia.org/mediawiki-core/master/php/classContentSecurityPolicy.html


==Login mechanisms==
===MySQL===
To gain access to the local instance of MySQL, one can add the entrypoint statement to docker-compose.yml. The original reference can be found here<ref>https://gist.github.com/rordi/ab55c92848fd06884172ed22ae88d7df</ref>:
<syntaxhighlight lang=YAML>
version: '3'
services:
  database:
    image: xlp0/mariadb
    restart: always
    entrypoint: mysqld_safe --skip-grant-tables --user=mysql
    environment:
      MYSQL_DATABASE: my_wiki
      MYSQL_USER: wikiuser
      MYSQL_PASSWORD: example
      MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
    volumes:
      - ./mountPoint/mariadb:/var/lib/mysql
</syntaxhighlight>
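An added check, not part of the original page or the referenced gist: <code>--skip-grant-tables</code> starts the server without loading the privilege tables, so any client that can reach it connects without a password. The script below flags compose services that still carry the option and notes when they also publish ports; the function name, messages and sample input are constructed for illustration.

```python
import re

FLAG = "--skip-grant-tables"
# Constructed sample: this page's compose file, trimmed, plus a published port.
SAMPLE = """\
services:
  database:
    image: xlp0/mariadb
    entrypoint: mysqld_safe --skip-grant-tables --user=mysql
    ports:
      - "3306:3306"
  wiki:
    image: mediawiki
"""

def audit_compose(text):
    """Map each service started with FLAG to its findings (indentation scan, not a YAML parser)."""
    state = {}  # service name -> {"flag": bool, "ports": bool}
    in_services, svc_indent, svc, key = False, None, None, None
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:  # top-level key: enter or leave the services map
            in_services, svc_indent = body == "services:", None
        if indent == 0 or not in_services:
            continue
        svc_indent = svc_indent or indent
        if indent == svc_indent:  # a service name such as `database:`
            svc, key = body.rstrip(":"), None
            state[svc] = {"flag": False, "ports": False}
            continue
        is_item = body.startswith("- ")
        m = None if is_item else re.match(r"([\w.-]+):\s*(.*)", body)
        if m:  # `key: value`; list items and folded lines keep the last key
            key, value = m.groups()
        else:
            value = body[2:] if is_item else body
        if key in ("entrypoint", "command") and FLAG in value:
            state[svc]["flag"] = True
        if key == "ports" and value:
            state[svc]["ports"] = True
    report = {}
    for name, s in state.items():
        if s["flag"]:
            report[name] = ["server started without authentication (%s)" % FLAG]
            report[name] += ["ports published while authentication is off"] if s["ports"] else []
    return report
```

Run it over the compose file before bringing the stack up; an empty result means no service overrides its start command with the option.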
 
===QRCode===
QR code-based login is popular in the WeChat user community. Open-source QR code login code bases can be found here<ref>https://backendless.com/how-to-implement-mobile-to-web-cross-login-using-a-qr-code/</ref><ref>https://github.com/mebjas/html5-qrcode</ref><ref>https://github.com/gruhn/vue-qrcode-reader</ref>.


=Network Protection=
Encryption and authentication are basic network-based security measures. A practical tool for network protection is a reverse proxy service.


===Nginx Reverse Proxy===
A common practice when setting up a website is to use Nginx as a reverse proxy that directs web traffic through an encrypted channel, often called [[https]]. The page on [[Nginx as Reverse Proxy]] shows how to do it.
=License Protection=
An article on how to set up licenses can be found here<ref>https://wiki.freephile.org/wiki/Licensing#Licensing_of_Wiki_content</ref>.
To add [[MW:Manual:$wgFooterIcons|FooterIcons]] to MediaWiki, you may refer to this page<ref>https://how-to.fandom.com/wiki/How_to_customize_MediaWiki</ref>.


=References=

Latest revision as of 14:02, 8 June 2021
