On Wed, Apr 4, 2012 at 5:43 PM, Petr Bena <[email protected]> wrote:
> I have seen there is a lot of wikis where people are concerned about
> inactive sysops. They managed to set up a strange rule where sysop
> rights are removed from inactive users to improve the security.
> However the sysops are allowed to request the flag to be restored
> anytime. This doesn't improve security even a bit as long as hacker
> who would get to some of inactive accounts could just post a request
> and get the sysop rights just as if they hacked to active user.
>
> For this reason I think we should create a new extension auto sysop
> removal, which would remove the flag from all users who didn't log in
> to system for some time, and if they logged back, the confirmation
> code would be sent to email, so that they could reactivate the sysop
> account. This would be much simpler and it would actually make hacking
> to sysop accounts much harder. I also believe it would be nice if
> system sent an email to holder of account when someone does more than 5
> bad login attempts, in order to be warned that someone is likely trying
> to compromise their account.

What happens if the ex-sysop has lost access to their original email address .. ?

--
John Vandenberg
