On 03/08/10 01:18, [email protected] wrote: > Say, I noticed on Wikia one can make a user an administrator, even if he > has never logged in yet. > > This exposes a security risk. A bureaucrat pre-makes some accounts for > future administrators, but before they establish accounts, somebody else > establishes an account with that name, and becomes an instant > administrator. > > I'm wondering if the is a MediaWiki-wide bug, or just Wikia's. > > _______________________________________________ > MediaWiki-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > Yes this is MediaWiki wide, but in no way is it a bug. The feature is there for various reasons, one I can think of off the top of my head is bots, sysop bots. If a user is running a smaller wiki deployment, and they need a sysop bot quickly, they do not want to have to wait around for a while or put in a lot of work just to be able to give it that needed bot flag..
Other examples are welcome :) _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
