Hoi,
Would OpenID make a difference ? It seems to me that when you authenticate
to both WMF projects and to this watchlistr, you would not expose passwords
in the wrong place. It seems to be also a solution of allowing Commons to
authenticate in this way.
Thanks,
GerardM
2009/7/22 Sage Ross
<[email protected]<ragesoss%[email protected]>
>
> I'm not sure what to do about this; it seems like a good idea but a
> major security risk:
>
> http://www.watchlistr.com/ is a site that creates aggregate watchlists
> across multiple projects. See
>
> http://en.wikipedia.org/w/index.php?title=Wikipedia:Bounty_board#Transwiki_watchlist_tool
>
> The user who made it has very little editing history, and the site
> aggregates watchlists across multiple projects, but requires inputting
> your Wikimedia password into the watchlistr.com site. I have no
> specific reason to think it's a scam, but if I was trying to phish
> passwords I would do something like this.
>
> -Sage Ross (User:Ragesoss)
>
> _______________________________________________
> Wikitech-l mailing list
> [email protected]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
