On Tue, Jun 12, 2018 at 3:26 AM Nathan <nawr...@gmail.com> wrote:

> Is the risk of an attacker taking over an account with CSS/JS edit
> permissions any more or less because that person knows how to use CSS/JS?

I tried to address this in the FAQ:
> * The number of accounts which can be used to compromise the site will be
drastically reduced. Less accounts that can serve as attack vectors means a
smaller chance chance of an account being vulnerable when the password
database of some third-party website gets compromised. A smaller number of
accounts is also easier to monitor for suspicious logins.
> * Beyond the mere numbers of accounts, it will remove the most vulnerable
accounts as attack vectors. Users who can write CSS/JS code probably have
better IT skills in general, and thus better password and system security

Can we make the
> edit right temporary, so someone can request it through a normal simple
> process, execute their edits, and then relinquish it? It can be a right
> that admins could grant to each other, as long as they can't gift it to
> themselves.

We can (with some work), and we should. The various ways to make deploying
malicious javascript harder are complimentary, and we should do them all.
Separating permissions just happens to be the easiest one.

I feel most people don't appreciate how *extremely* scary the current
situation is. The public backlash around the Seigenthaler affair was
sparked by Wikipedia carelessly causing harm to a single individual. It
would be child's play compared to what would happen if a few ten thousand
people had their bank accounts cleaned, or a few dozen opposition members
arrested by the secret police, or something like that, because Wikipedians
decided security improvements were not worth the effort of moving users
from one group to another.
Wikitech-l mailing list

Reply via email to