That's interesting.? Someone signs up with service X to pull details from your service Y that perhaps you don't want the world to know.? Like that you've watchlisted Oral Sex.
How do I, as service X make sure that you as Service Y actually have the user's approval for this pulling of my data ? Seems like, in-project we would need some sort of user-embedded flag to say "Talk with service Y it's OK!"? That would be the only secure way to do it, wouldn't it? Will Johnson -----Original Message----- From: David Gerard <[email protected]> To: English Wikipedia <[email protected]> Sent: Thu, Jul 23, 2009 11:56 am Subject: Re: [WikiEN-l] [Wikitech-l] Watchlistr.com, an outside site that asks for Wikimedia passwords Update: The developer of watchlistr is now discussing on wikitech-l how to do this on the toolserver, and how to authenticate without passwords being saved on the toolserver (which is not allowed). Further detail no doubt to come :-) - d. 2009/7/22 David Gerard <[email protected]>: > fyi > From: Sage Ross <[email protected]> > Date: 2009/7/22 > Subject: [Wikitech-l] Watchlistr.com, an outside site that asks for > Wikimedia passwords > To: [email protected] > I'm not sure what to do about this; it seems like a good idea but a > major security risk: > http://www.watchlistr.com/ is a site that creates aggregate watchlists > across multiple projects. See > http://en.wikipedia.org/w/index.php?title=Wikipedia:Bounty_board#Transwiki_watchlist_tool _______________________________________________ WikiEN-l mailing list [email protected] To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l _______________________________________________ WikiEN-l mailing list [email protected] To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l
