Categories
Main MediaWiki MySQL PHP Tech

Password protecting MediaWiki with mod_auth_mysql

MediaWiki is the powerful software on which Wikipedia and many other sites are built. It does not, however, come with the option to password protect pages from being viewed. (It can password protect pages from being edited.)

If you need to setup a private, members-only wiki for internal use, here is how you can do it with MediaWiki software and the Apache server extension mod_auth_mysql:

1. Install MediaWiki as usual. Create a user account for yourself.

2. Add the following line to your LocalSettings.php file, located in the root of your MediaWiki installation. This will cause MediaWiki to use a simple MD5 hash for user passwords in the database, instead of the more complicated “salted hash hash” that it normally uses.

$wgPasswordSalt = false;

3. Activate mod_auth_mysql in Apache. This is usually done with a LoadModule line in your Apache configuration file (httpd.conf), provided the module is available. (If not, you may need to compile or download the module.)

LoadModule mysql_auth_module libexec/apache2/mod_auth_mysql.so

4. Create a new MySQL user that has SELECT access to the “user_name” and “user_password” fields in the “user” table of your MediaWiki installation. Apache will use this MySQL user for connecting to the MediaWiki database.

5. Configure mod_auth_mysql to use the MediaWiki user table for authentication by placing the follow directives in your Apache configuration file:



AuthName "This wiki is password protected (make sure the first letter of the username is Uppercase)"
AuthType Basic
require valid-user
AuthMySQLEnable On
AuthMySQLHost localhost
AuthMySQLUser unprivilegeduser
AuthMySQLPassword thesecretpassword
AuthMySQLDB mediawikidatabase
AuthMySQLUserTable user
AuthMySQLNameField user_name
AuthMySQLPasswordField user_password
AuthMySQLPwEncryption md5
AuthMySQLAuthoritative On

6. Restart Apache.

Your installation of MediaWiki should now be password-protected, but your username and password will let you in. This protects the entire wiki; no one will even know that MediaWiki is present until they login. To give other people access, you can either create user accounts for them, or you can create a guest account that they can use until they sign themselves up.

P.S. Thanks to Gary Thornock for helping me with the details of installing mod_auth_mysql on FreeBSD.

UPDATE (2008-09-11):
The latest version of MediaWiki (version 1.13) uses a new password format which is incompatible with mod_auth_mysql. It prepends “:A:” to each MD5 hash. Here is a workaround:

1. Create a MySQL view that mirrors the username and password, minus the prefix:
CREATE VIEW user_view AS SELECT user_id, user_name, substring_index(user_password, ':', -1) AS user_password FROM user;
2. Configure mod_auth_mysql to use user_view instead of user as the lookup table.

Categories
Main

CTO Breakfast

Last Friday was the monthly CTO Breakfast with Phil Windley. There was a big crowd, as usual, and good discussion.

Phil gave three people time to demonstrate “something cool”. The first was a demonstration of the new desktop version of Suse Linux with Expose-type features and cool desktop switching. The second was a demonstration of some of the new mobile offering from SCO. Both presentations seemed too “salesy” but both were interesting.

The third presentation was from Dallan Quass, demonstrating his new genealogy website called WeRelate. He’s doing very interesting things with WeRelate. It is a user-editable Wiki of genealogical information as well as a search engine. If you edit the Miller page to indicate that “Muller” is a common variation of “Miller” then the search engine will look for those pages too. (As a Mormon missionary in Brazil my name was often pronounced Müller.)

After the presentations there was great discussion. Here are my notes:

  • Groovy is an open source, dynamic interpretation of Java. It uses the same library. Grails is a Rails equivalent for Groovy.
  • I mentioned Twaingle, though I didn’t remember the name, which is a mashup between Flickr and a TWAIN driver.
  • Popcorn from Roxio makes it easy to get videos onto your iPod.
  • Malcolm Gladwell’s book Blink inspired Bruce at SCO to do “blind interviews”. When doing job interviews he puts a whiteboard between himself and the candidate so as to not be influenced by visual impressions. He said it has helped.
  • We are becoming “cyborgs” in a way — our exocortex is a combination of Google, our email, and other online resources that presumably make us faster and more efficient.
  • Scott Lemon referred to the overhead of phone calls as a “human politeness protocol overhead”. It’s much faster to use chat or Nextel’s Direct Connect than email or a phone because you don’t have to go through the pleasantries of hello and goodbye.
  • Croquet is an open source online game being developed by computer scientist Alan Kay. Will be a great learning tool for children and a model for studying distributed parallel computing.
  • In Croquet, any movement by a character is transmitted to all other machines, even if the movement isn’t rendered. A representation of the loss of privacy?
  • In Croquet, voice chats are muted depending on how close you are to the other person. If you whisper, others won’t hear you. (Spatial volume control.)
  • Bruce commented it would be nice if a 3D fly-through of his projects was automatically generated from code, the way documentation is generated. I wonder if Google Sketchup could be a start.
  • In Second Life, each server represents 16 acres of virtual land.
  • Squeak is a Smalltalk derivative that can be used to teach programming to children.
  • Scott said the current model of programming won’t survive. U.S. computers science students won’t be coders, the same way U.S. auto workers aren’t metallurgists. Americans in the tech field will have to be concerned with higher level architecture and management since an army of programmers in India, the Philippines and elsewhere will do the coding for so much cheaper.
  • In the Philippines, $2700/year is average salary. In India, $5000/year.
  • Someone mentioned that they were testing job candidates by asking them to conceptualize a double linked list, a task that ought to be easy for any computer science student. Most failed.
  • Phil Burns asked if candidates were allowed to call for help or use the Internet, since that models real life.
  • Phil said Provo Labs is starting to hire based on candidates’ networks — the size of their LinkedIn profile and their address book. If technical help can be outsourced and answers found online, it doesn’t make sense to hire based on skill alone.
  • Will the future bring people together temporarily (1099 employees) for ad-hoc projects, then disband?
  • In some cities it’s common to see workers gather in the morning at a corner, then a work truck will come by, ask for several of them, and then the group will disband. Will technical projects approach that? It’s possible to find temporary help for any technical skill online. Labor as a liquid asset.
  • See Future of Work by Thomas Malone
Categories
Main

Firefox extensions I love

I use both the Safari and Firefox browsers every day. Safari is fast and approaches perfection in following human interface guidelines. Firefox has extensions.

Here are the Firefox extensions that have me hooked:

  • Web Developer — lets you edit CSS, resize windows to match different screen sizes, outline any element, validate your code, look at form variables, and much more. This is a must-have for any web developer/programmer.
  • ColorZilla — find out the color code for any color on the web page using this eye dropper. A must have for any web designer.
  • FireBug — comprehensive error reporting and DOM controls for JavaScript. A must-have for JavaScript programmers.
  • LiveHTTPHeaders — captures HTTP traffic, including SSL traffic. A must-have for screen scrapers.
  • Google Toolbar for Firefox — shows Google Pagerank. A must-have for Internet marketers.
  • Forecastfox — displays the weather in the status bar. A must have for motorcycle and scooter riders.
Categories
Main

Comet

A couple of weeks ago I learned about a new technology (actually a new name for an old technology) called Comet. But I didn’t catch the parallel to Ajax — they’re both names for household cleaners (duh) — until I was talking with Phil yesterday.

The heart of AJAX is the XMLHTTPRequest object that sits in a user’s browser. This object can make its own connections to web servers, allowing content to be downloaded and refreshed on the screen based on an event in the browser. For example, if you zoom or pan a Google Map, the XMLHTTPRequest object downloads a new set of images for the map, without reloading the page.

Comet is similar, allowing content to be refreshed without reloading the page. But Comet doesn’t require an event to occur on the user’s end. Gmail’s embeddded chat is an application of Comet. The server can push content (in this case, new chat conversations) to the client at will.

The secret behind Comet is an embedded iframe through which a connection to the server remains continously open. This takes some extra tweaking of the server, but Comet connections don’t have the overhead of an Ajax model which must poll the server at some interval.

Ajax and Comet are similar but not fully interchangeable; I can see uses for each.

Read more about Comet. Also read about Comet from Phil Windley.

Categories
Main

What can’t you find in 30 seconds or less?

Insightful quote by Mark Cuban, advocating intellectual self-sufficiency:

“In the past, you had to memorize knowledge because there was a cost to finding it. Now, what can’t you find in 30 seconds or less? We live an open-book-test life that requires a completely different skill set.”

Source: ZDNet.com