Suppress List of users for anonymous

**waltera** · 07-15-2009 03:48 PM

Hi,
We have just started to use deki (9.02) at our institute. As we use LDAP for authentification the anonymous user can see the user names of many users that we have at our site - they are the same names as are used for general login to our site. This does not seem desirable to us as it makes attacks e.g. via ssh a bit easier. Nevertheless would we like to have some top level pages of our deki visible to the world.
Question: can the "list of users" page be allowed only for logged in users? and disallowed for an anonymous viewer?

Thanks, Walter

**SteveB** · 08-11-2009 10:35 PM

Make sure to file a bug on this issue so we can add this as a feature in a future release. Thanks.

**Guerric** · 08-14-2009 09:24 PM

Note: This method only disables user listing from the UI. The API is still open.

You can disable the user listing plugin by adding this to your LocalSettings.php file.

Code:

$key = array_search('special_listusers', $wgDefaultDekiSpecialPages);
if ($key !== false)
{
	unset($wgDefaultDekiSpecialPages[$key]);
}

Thread: Suppress List of users for anonymous

Thread Tools

Search Thread

Display

Suppress List of users for anonymous

Posting Permissions