On Fri, Sep 26, 2008 at 12:04 PM, Tei <oscar.vives(a)gmail.com> wrote:
> so... what stops a malicious banner script from inserting viagra links on
> random wikipedia articles?

Nothing except the external link filter, the captcha, and a lot of
editors ready to revert them.

> other than 2 unixtimes, and the md5 of summary, I don't see how this
> is protected at all.

For anon users, the edit token exists to ensure integrity of the
submission, i.e., that it was submitted correctly and as intended.
For logged-in users, it also makes impersonation more difficult. It
is not meant to prevent incorrect submissions, which is a much
higher-level job.