Hi Ad,

There are some security considerations if you're going to do that:

* We disable site and user .js on Special:UserLogin, so a malicious admin can't add password sniffing javascript to the login page
* We disable framing the page to prevent various redressing attacks
* If your site is mixed http/https, there is special handling on that page to ensure the user enters/submits their password over https.
* If you're using CentralAuth or another SSO system, then we check if you're logged in on Special:UserLogin, to work around some browser cookie policies.

So it's *usually* not a good idea to create your own login widget. But if you're running your site entirely under https, have a limited number of admins, add XFO headers on all pages, and don't use any SSO system, then go for it!

On Tuesday, September 29, 2015, Ad Strack van Schijndel < [email protected]> wrote:

> Hi,
>
> Is there a way to embed the login and/or the account creation on normal
> pages?
>
> I would like to have the possibility to login in a sidebar as long as the
> user is anonymous. So that there are no extra clicks to login.
>
> I'm sure if there isn't, there is a very good reason for that and I would
> like to understand that reason.
>
> Ad
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
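Two of the conditions in the reply above (the site served entirely under https, XFO headers on all pages) can be checked per page that embeds a login widget. The following is an added example, not part of the original thread or of MediaWiki; the host name, the sample response and the function names are constructed, and it goes slightly beyond the reply by also accepting a CSP `frame-ancestors` directive as framing protection.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class PasswordForms(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.actions, self._action = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""   # empty action posts to the page URL
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._action is not None:
                self.actions.append(self._action)
                self._action = None                # report each form once
    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def frame_protected(headers):
    """True if X-Frame-Options or CSP frame-ancestors restricts framing."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN"):
        return True
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return len(parts) > 1 and set(parts[1:]) <= {"'none'", "'self'"}
    return False

def audit(url, headers, body):
    """Return the findings for one page that embeds a login widget."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("page served over http")
    if not frame_protected(headers):
        findings.append("page can be framed")
    forms = PasswordForms()
    forms.feed(body)
    for action in forms.actions:
        if urlsplit(urljoin(url, action)).scheme != "https":
            findings.append("password form submits over http")
    return findings

# Constructed sample: an https page with XFO but a widget posting to http.
SAMPLE = ("https://wiki.example/wiki/Main_Page", {"X-Frame-Options": "SAMEORIGIN"},
          '<form action="http://wiki.example/index.php?title=Special:UserLogin">'
          '<input type="password" name="wpPassword"></form>')
if __name__ == "__main__":
    print(audit(*SAMPLE))
```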
