Brianna Laugher <brianna.laugher <at> gmail.com> writes:
> I can imagine someone building an alternative edit interface for a
> subset of Wikipedia content, say a WikiProject. Then the interface can
> strip away all the general crud and just provide information relevant
> to that topic area.

That can be done without giving out a password, via JavaScript interfaces and cross-domain AJAX calls to the API. It would require a modern browser and some sort of permission (I'm not sure whether it has to be given in the browser or in the HTTP headers sent by wikipedia.hu), but is solid from a security point of view: you log in at wikipedia.org, get a session cookie, go to 3rdparty.org, the script loaded by your browser sends API requests to wikipedia.org and the browser attaches the cookie to them automatically, but 3rdparty.org cannot access them due to the browser's domain-based security rules. The worst it could do is misuse your account as long as you have the page open in your browser... not very dangerous. And the site is named in the referer of the AJAX request and can be easily filtered out if it's problematic.
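
The header-based permission and the filtering by requesting site mentioned in this message, sketched from the API host's side. This is an added example, not part of the original post and not MediaWiki's code; the function names, the allow and block lists and the `abusive.example` host are hypothetical.

```javascript
// Added example: how an API host could answer a cross-origin request that
// carries the user's session cookie. Names and hosts are hypothetical.
const ALLOWED_ORIGINS = new Set(["https://3rdparty.org"]);    // constructed allow-list
const BLOCKED_ORIGINS = new Set(["https://abusive.example"]); // constructed block-list

// Reduce an Origin or Referer value to scheme://host[:port]; null if unusable.
function originOf(value) {
  if (!value || value === "null") return null;
  try {
    return new URL(value).origin;
  } catch (e) {
    return null;
  }
}

// Returns whether to grant cross-origin access and which response headers to send.
// When grant is false the caller should also refuse to act on the request:
// omitting the headers only stops the calling script from reading the response.
function decideCors(headers) {
  // Prefer Origin when the browser sent it; use Referer only if Origin is absent.
  const raw = headers["origin"] !== undefined ? headers["origin"] : headers["referer"];
  const origin = originOf(raw);
  if (origin === null) return { grant: false, reason: "no-origin", headers: {} };
  if (BLOCKED_ORIGINS.has(origin)) return { grant: false, reason: "blocked", headers: {} };
  if (!ALLOWED_ORIGINS.has(origin)) return { grant: false, reason: "not-allowed", headers: {} };
  return {
    grant: true,
    reason: "ok",
    headers: {
      // For credentialed requests browsers reject "*": name the exact origin.
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
      // Stop shared caches from replaying one origin's grant to another.
      "Vary": "Origin",
    },
  };
}

// Constructed sample requests (header names lower-cased, as Node.js delivers them).
console.log(decideCors({ origin: "https://3rdparty.org" }));
console.log(decideCors({ referer: "https://abusive.example/tool.html" }));
```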
