On Thu, Feb 19, 2009 at 12:30 PM, Thomas Dalton <[email protected]> wrote: > 2009/2/19 Robert Rohde <[email protected]>: >> I think you are significantly overestimating the difficulty. We >> already have an API [1] and similar tools that allow one to accomplish >> many similar tasks. For example, calling ?action=render will give you >> a llive HTML version of any current page that could be wrapped in a >> external site's own framing and stylesheets (though one would need to >> rewrite the url roots in most cases). The API already has tools for >> logging in and out while authenticating against WMF servers. And >> there is even a write API, though I believe that is currently disabled >> on the main sites. > > Ideally, you would want to authenticate in a way that doesn't give the > middle-man access to plaintext Wikimedia passwords.
True, though under the current system a middle man in position of a user authentication token could do exactly the same things to Wikimedia as someone with the plaintext password. Which is a short way of saying our system has never been built with much security in mind. -Robert Rohde _______________________________________________ foundation-l mailing list [email protected] Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
