https://bugzilla.wikimedia.org/show_bug.cgi?id=58438

--- Comment #3 from Chris Steipp <cste...@wikimedia.org> ---
With the caveats that Kunal put on the extension's page (account compromise if
you're not correctly using CentralAuth or shared user tables), the security
looks ok.

The site global scripts allow admins on the central site to fully control the
wikis using wgUseGlobalSiteCssJs, including elevating their own privileges, so
obviously should be used with extreme caution.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to