We should consider some edge cases like: * More than two accounts with exactly same email and password. -> In this case, which account should be chosen for logged-in? Maybe account selector could be one of the answers.
* If there's a 42 accounts with same email. -> Should mediawiki try to check password forty two times? It will takes _very_ long time as enough to cause gateway timeout. Which means nobody can log in to that account. -> To avoid timing attack completely, should mediawiki calculate hash of all users forty two times as same as above user? 2015-02-20 8:58 GMT+09:00 phoebe ayers <[email protected]>: > Hi all, > > I'm the one who started that bug-now-task a while back, and for > context, it was based directly on user feedback. What MzM says above > is right. I was working with a casual (but quite good) editor who said > to me "well, I'd edit that Wikipedia page, but I don't edit very often > and I can never remember what my login is, since my usual login was > taken. But if I could enter my email address, it would be a lot easier > and I'd be more likely to just do it." > > Struck by the idea that this was a barrier to editing, I asked around > and got similar feedback from other people, for both public and > private mediawikis. So I submitted the bug for consideration. I know > it's difficult and there's been a lot of discussion on how to > technically do it, but I think the underlying need definitely still > exists. > > thanks, > Phoebe > > > On Thu, Feb 19, 2015 at 4:54 AM, Tony Thomas <[email protected]> wrote: >> Hello, >> >> Before someone starts with a proposal for the proposed-tech-project 'Allow >> user login with e-mail address'[1], is there still community consensus for >> the same ? I personally think its a must-have for MediaWiki, as e-mail >> address is easy to remember than a complex username. Currently multiple >> users can sign-up with the same e-mail id - which would possibly be a >> blocker, and can be fixed. Thanks to MzMcbride, we have an RFC[2] too on >> the same. >> >> [1] https://phabricator.wikimedia.org/T30085 >> [2] >> https://www.mediawiki.org/wiki/Requests_for_comment/Login_via_e-mail_address >> >> Thanks, >> Tony Thomas <http://tttwrites.wordpress.com/> >> FOSS@Amrita <http://foss.amrita.ac.in> >> >> *"where there is a wifi, there is a way"* >> _______________________________________________ >> Wikitech-l mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > > > -- > * I use this address for lists; send personal messages to phoebe.ayers > <at> gmail.com * > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
