Talk:Main Page
Looking for a live chat to discuss the wiki? Check out our Discord!
Misc Talk
Why is Special:Version restricted to administrators?
First off, apologies if this is the wrong (on-wiki) place for this discussion. If so, I'd appreciate a pointer towards the correct page(s). :-)
Now, the MediaWiki core special page Special:Version lists information about this wiki and its software, like MediaWiki version, installed software libraries, installed MediaWiki extensions and skins and more. By default it is viewable by everyone, but on the ConsoleMods Wiki it's restricted to administrators. Why? It seems awfully silly, given that 1) it sounds awfully lot like "security through obscurity and 2) the information can still be retrieved by anyone (yes, even anons (!)) via the API entry point, api.php. --Jack Phoenix (talk) 18:49, 12 December 2023 (UTC)
- Generally, people reach out via our Discord or via my user talk page, but it wouldn't be the worst idea for me to move the todo list to a separate talk page.
- To answer your question, it is indeed security through obscurity for the event that I might not have updated MediaWiki core in a timely manner. Generally, I update it very quickly, but hiding the Versions page may thwart the 1 in 10 attackers who might be too naive or not care enough to run the API call in the unlikely scenario that a major vulnerability is found and I haven't kept on top of things. In my opinion, it's better to have that miniscule bit of deterrence or extra hoop that an attacker must jump through. Derf (talk) 22:58, 12 December 2023 (UTC)