On Fri, Mar 15, 2013 at 7:44 AM, Amgine <[email protected]> wrote:
> Several questions: > > # Will the action=createaccount be disabled by default? > No, it's enabled by default. Note that action=createaccount itself landed a few weeks ago; I'm just adding the captcha support. > # If enabled, is the action=createaccount reserved to a specific user > group? > action=createaccount calls into LoginForm for the actual user creation; it's the same code as creating an account on the web interface and should use the same permissions. > # At first blush this appears to be designed to enable xrumer bruting. > Have you considered adding optional single-use otf image creation for > fancy captcha, which would be more cost effective on small wikis? > Brute-forcing captchas on the createaccount API should be exactly as easy/difficult as brute-forcing on the createaccount form. I have not explored new captcha engines or techniques; that would be interesting to explore but is out of scope for me right now. > # There are several private modules for ConfirmEdit, as well as sites > using different captchas based on ConfirmEdit (Asirra?) How might this > interact with a site using a different (non-supported) captcha module? > If the module implements the addCaptchaAPI method -- already existing for some time and used by action=edit and action=login -- then it should work with action=createaccount as well. -- brion
_______________________________________________ Mediawiki-api mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
