On Thu, Jul 23, 2009 at 2:32 PM, Cody Jung<funkyca...@gmail.com> wrote: > Wouldn't adding a salt fix this? They would have to have both the > username, the database, and the salt value to decrypt the wiki list.
In other words, they would have to have access to your server, nothing more. No, it wouldn't fix it. After some discussion in #wikimedia-toolserver, Duesentrieb pointed out that a) this issue would be solved if MediaWiki just allowed RSS feeds for watchlists, and b) it would probably take less work for me to add that feature to MediaWiki than to develop an authentication framework that would allow users to securely permit toolserver apps access to their watchlists. MrZ-man helpfully pointed out that the API already supports watchlist feeds, so I was able to hack on support for token-based authentication pretty easily: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/53703 Major limitations right now are 1) the default is an empty string, which means "don't use", so it's opt-in; 2) the URL for the feed isn't actually output anywhere. Watchlist aggregators should now be easy to set up, plus people can just use their favorite feed reader. On Thu, Jul 23, 2009 at 6:47 PM, Brion Vibber<br...@wikimedia.org> wrote: > At the moment, yes. However additional information is likely to end up > existing in the future; some more social features ("friend" graph, > mentor/mentee relationships, private messaging) would have obvious > benefits to making new-user workflow smoother. I hope MediaWiki doesn't start tacking on random social networking features, though! _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
