https://bugzilla.wikimedia.org/show_bug.cgi?id=19161
Nemo_bis <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|High |Normal Summary|Auto account creation |Don't autologin if local |creates privacy |account doesn't exist |vulnerability |(don't autocreate if user | |doesn't explicitly login) Severity|normal |enhancement --- Comment #57 from Nemo_bis <[email protected]> 2012-03-12 08:41:58 UTC --- This bug is becoming more and more useless. As we don't even agree that what outlined in comment 0 and so on is a severe vulnerability, not to speak of solutions, it's perhaps better to agree on what could reasonably be done and then decide to do it or not. (In reply to comment #50) > The status should become a true "new registered user" only when the user will > either : > - (1) visit his own "User Preferences" page (and confirmed the registration by > STORING the changes after first defining his prefered language, and then found > and set the email email options), [...] Please, let's keep things "simple". The autocreation is triggered by autologin, so to avoid the former it would be enough to disable the latter. This is probably technically inaccurate, I hope you can forgive me. I changed the summary to: «Don't autologin if local account doesn't exist (don't autocreate if user doesn't explicitly login)». (Bug 16864 refers to a more specific situation. If you've never visited a wiki before, you'd need to click the login button to get your local account autocreated and login. This is what already happens on wikis where autologin doesn't work (bug 14407) and it has some problems: 1) you need to remember whether you've visited the wiki before to understand what's going on/remember to login, 2) when you get to the login page, you have to know that you can just login and don't need to register; so a solution for both or at least (2) should be found. This seems to be what the bug originally requested: (In reply to comment #0) > Therefore I propose to disable automatic account creation on GET-requests and > instead use only POST-requests to create accounts. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
