This is true but I don't understand why we can't have something like OAuth for applications. I don't think it should be something complex. User would just generate some "token" in mediawiki interface that would be some long string which they would give to application, which would then login to mediawiki using this string instead of username + password combination.
This would be probably more secure than giving a password to it. This is probably worth of separate wikitech thread. Regarding the original topic: I think that this "tag" ability would be useful but only as long as regular users can use these tags to filter out selected edits from recent changes and similar. Otherwise it would be only useful for tech people. On Wed, Feb 11, 2015 at 2:59 PM, Ricordisamoa <[email protected]> wrote: > Il 11/02/2015 14:07, This, that and the other ha scritto: >> >> "Chris Grant" wrote in message >> news:caf_zkbp-abgzgcy4lqqvbtxur-2tjo8opmbwxtrosfvihuc...@mail.gmail.com... >> >>> On 11 Feb 2015 17:57, "Petr Bena" <[email protected]> wrote: >>> > >>> > As I said, I belive that any registered user should be able to use, >>> > with no need for permissions as I see no way to abuse it. >>> >>> If anyone can use it, wouldn't the smarter vandals just use it to avoid >>> the >>> RC patrollers? >> >> >> How does a user prove that they're using a particular tool a way that >> can't be faked? Something like OAuth comes to mind. All edits made via an >> OAuth consumer are already tagged with a unique tag, and I would assume that >> it is not possible to falsely represent an OAuth consumer. >> >> I'm not sure whether this could work for common tools like AWB or Twinkle, >> though: >> >> * I don't know whether OAuth works for client-side downloadable programs >> like AWB. > > AFAIK the OAuth extension cannot work for them by design, see > https://www.mediawiki.org/wiki/OAuth/For_Developers#Intended_Users. > >> * JavaScript tools edit as the user from the user's browser, and as such, >> OAuth is not relevant to them. In any case, anything they do (like adding a >> specific string to edit summaries, adding a tag to their edits, or the like) >> can be easily spoofed or faked by a tech-savvy user. >> >> Before change tagging could be used as a way to *filter out* particular >> tool edits (as opposed to being simply a way of identifying revisions that >> satisfy some criterion) the RC tag filter would need to be improved. >> >> (I'm not pretending that change tagging is the only solution for Petr's >> "tool edits" idea: I just think it is the most likely candidate for >> implementing something like this.) >> >> TTO >> >> >> _______________________________________________ >> Wikitech-l mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
