Dang. Oh well. I'm attempting this through Ruby methods, so I'll have to get out some old cookie handling code to deal. Thanks for the answer.
On Dec 4, 2007 9:29 AM, Roan Kattouw <[EMAIL PROTECTED]> wrote: > Eddie Roger schreef: > > but I don't understand the benefit of just using cookies versus using > > tokens, especially for robots. I'm not questioning Brion's decision, > > just wondering if there was explanation. > The login token thing was insecure, because someone could sneak in a URL > like: > api.php?action=something&...&lgtoken=123ABC > With lgtoken being a valid login token, assigned to the attacker's > session. That would force the victim to take over the attacker's > session, and possibly get his IP autoblocked. > > Also, I don't understand how to implement his suggestion - is that > > just with cookies now? > Yep, just cookies. See here [1] for an example of how to login using PHP > and Snoopy. > > Roan Kattouw (Catrope) > > [1] > > http://lists.wikimedia.org/pipermail/mediawiki-api/2007-October/000117.html > > _______________________________________________ > Mediawiki-api mailing list > [email protected] > http://lists.wikimedia.org/mailman/listinfo/mediawiki-api >
_______________________________________________ Mediawiki-api mailing list [email protected] http://lists.wikimedia.org/mailman/listinfo/mediawiki-api
