"Aryeh Gregor" <[email protected]> wrote in message news:[email protected]...
> On Thu, Jul 23, 2009 at 1:37 PM, Tim Starling<[email protected]>
> wrote:
>> To help in the "proving trustworthy, or else" process, I have released
>> the source code of Watchlistr - please take a look at it. You will see
>> that I take the utmost care in securing user information. The wiki
>> logins are encrypted with AES in our database. The key used to encrypt
>> each user's login list is their site username, which is stored as a
>> SHA1 hash in our database. If a cracker were to, somehow, gain access
>> to the database, they would be left with a pile of garbage.
>
> They would only have to get the site usernames to decrypt the login
> info. They could get those the next time each user logs in, if
> they're not detected immediately. There's no way around this; if your
> program can log in as the users, so can an attacker who's able to
> subvert your program.

Or, since the set of registered Wikimedia users is both vastly smaller
than the superset of all possible usernames (remember it's restricted to
users with a global login AFAICT), and readily accessible through a
high-throughput API, a brute-force attack would be, if not trivial,
certainly extremely feasible.

>
>> As for the other solutions that were presented - I was really trying
>> to create a cross-platform, cross-browser solution that would not
>> hinge on one particular technology. Javascript would be great, but
>> what if someone doesn't have JS enabled? OAuth and a read-only API
>> would be close-to-ideal, but they currently don't work with/don't
>> exist on the Wikimedia servers. I am, however, open to other workable
>> solutions that are presented - let me know.
>
> I would suggest you apply for a toolserver account:
>
> https://wiki.toolserver.org/view/Account_approval_process
>
> Once you have a toolserver account, I'd be willing to work with you to
> arrange for some form of direct access to all wikis' watchlist tables
> (I'm a toolserver root). You then wouldn't need to possess any login
> info.

This looks like a *much* more acceptable system. Although how would you
authenticate without collecting proscribed data...?

--HM

_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
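
Added example, not part of the thread and not taken from Watchlistr's source: a design-review check for the point made above, that a key drawn from a publicly enumerable name list adds no secrecy once the database holding its SHA1 hash is exposed. It assumes an unsalted SHA-1 over the UTF-8 username stored as hex; the function names and all usernames and hashes are constructed for illustration.

```python
import hashlib


def sha1_hex(name: str) -> str:
    # Assumption: unsalted SHA-1 of the UTF-8 username, hex-encoded.
    # The thread only says the username is "stored as a SHA1 hash".
    return hashlib.sha1(name.encode("utf-8")).hexdigest()


def recoverable_keys(stored_hashes, public_usernames):
    """Return {stored_hash: username} for every stored hash whose
    preimage appears in the public name list. Under the scheme
    described in the thread, that username is the AES key, so each
    match is a record whose encryption provides no protection."""
    # One SHA-1 per candidate name: cost is linear in the list size.
    index = {sha1_hex(name): name for name in public_usernames}
    return {h: index[h] for h in stored_hashes if h in index}


def exposure(stored_hashes, public_usernames):
    """Fraction of stored records whose key is recoverable."""
    if not stored_hashes:
        return 0.0
    found = recoverable_keys(stored_hashes, public_usernames)
    return len(found) / len(stored_hashes)


# Constructed sample data: a stand-in for a public account list and
# for the hash column of a leaked application database.
PUBLIC_USERNAMES = ["ExampleUserA", "ExampleUserB",
                    "ExampleUserC", "ExampleUserD"]
STORED_HASHES = [
    sha1_hex("ExampleUserB"),
    sha1_hex("ExampleUserD"),
    sha1_hex("name-not-on-public-list"),
]

if __name__ == "__main__":
    for digest, name in recoverable_keys(STORED_HASHES,
                                         PUBLIC_USERNAMES).items():
        print(f"{digest[:12]}...  key material = {name!r}")
    print(f"exposure: {exposure(STORED_HASHES, PUBLIC_USERNAMES):.0%}")
```

The only record that survives is the one whose name is absent from the public list, which is the situation the toolserver proposal avoids entirely by not holding login data at all.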
