Robert Rohde wrote:
> True, though under the current system a middle man in position of a
> user authentication token could do exactly the same things to
> Wikimedia as someone with the plaintext password. Which is a short
> way of saying our system has never been built with much security in
> mind.
>
> -Robert Rohde

You could make them authenticate against Wikipedia and send edits directly to Wikipedia (e.g. AJAX). With no password handling from the other site*. However, it still places the remote site in a place where it is able to automatically revert a page or perform an edit on Wikipedia without the (Wikipedia logged-in) visitor even noticing it.

basedrop: My advice is to just include the content, making the edit link point to Wikipedia instead of trying to integrate editing into your site.

*If you integrate Wikipedia login with the external site, how would you prevent the external site from changing to a 'grab password' system?