https://bugzilla.wikimedia.org/show_bug.cgi?id=9838
--- Comment #18 from Platonides <[email protected]> 2012-06-08 22:44:49 UTC --- (In reply to comment #17) > OK, so here's my suggestion. I like the SpecialPage idea, but I'm a little > weary about relying on memcached so much, mainly in the case of installations > where the wiki is configured not to have any type of object caching. We refer to it as memcached, but $wgMemc can be backed by other things, including the DB. We could use a cache which defaults to CACHE_ANYTHING. > Also, like > the rest of the world, I'm damn lazy and don't like writing a lot of code when > we don't have to. :) > So here's my suggestion. Mediawiki already has a logging table... > > After any login (good or bad): > Log the login. > > When logged in user browses any page: > Show notification for bad logins (similar to new talk page > message notification). > > After X bad logins in Y amount of time w/o user logging in: > Email user. > > In this setup, the user is only emailed if they haven't logged in during the > attacks, because with notifications there's no need to warn a user twice about > the same thing. If it's not implemented as a SpecialPage or other separate action, they could be missing the notification, while the wiki counts it as "shown". We could add a button to the special page to clear the store and thus reset the sending of an email. > Also, all login attempts are stored permanently in Special:Log, > which means the user can look at his authentication records whenever he/she > wants. Users will be restricted to viewing only their own auth logs unless > they > have a special permission to view all auth logs. Also, there would be wiki > configuration variables that can enable/disable logging good logins, > enable/disable this feature altogether, enable/disable notifications, and set > the email intervals. WMF sites wouldn't want to permanently store the login attempts in the logs. Even if you only stored the bad ones. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
