Say, I noticed on Wikia one can make a user an administrator, even if he has never logged in yet.
This exposes a security risk. A bureaucrat pre-makes some accounts for future administrators, but before they establish accounts, somebody else establishes an account with that name, and becomes an instant administrator. I'm wondering if the is a MediaWiki-wide bug, or just Wikia's. _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
