https://bugzilla.wikimedia.org/show_bug.cgi?id=19161





--- Comment #2 from [email protected]  2009-06-11 17:37:05 UTC ---
> Disabling account creation if there's an external referer would drop this 
> concern.

I'm not so sure about that. What if there is no referer (e.g. link in IRC)?
Also, this is confusing for the user: sometimes accounts are created
automatically, and sometimes not.
What if the user gets both the link to evilserver and the wiki page? Presumably
he clicks on both of them in a short space of time, which would mean the same
kind of vulnerability.

IMHO the best way of fixing this (and the only way that is completely secure)
is to disable the feature.

