On 09/08/10 12:43, Mike.lifeguard wrote:
> On 10-08-08 04:02 PM, John Doe wrote:
> > How about requiring a password/code to go along with rev_id in order
> > to use the tool (similar to the move to commons process)?
> >
> > Delta
>
> Yes, I suppose that's possible. Can we use Basic or Digest auth to
> protect parts of our web space? I suppose the tool itself could do
> authentication, I'd have to learn how...

*.toolserver.org is most likely full of XSS vulnerabilities. It doesn't matter what sort of authentication you use, it's pointless if anyone can run arbitrary client-side scripts on it via XSS.

I don't think any private data should be delivered on this domain at all. And I don't think authenticated write operations should be there either.

-- Tim Starling

_______________________________________________
Toolserver-l mailing list ([email protected])
https://lists.wikimedia.org/mailman/listinfo/toolserver-l
Posting guidelines for this list: https://wiki.toolserver.org/view/Mailing_list_etiquette
