I'm not sure how "safe" it really is, and I'm interested in what you
find. I will say I took a look at what goes on with a normal
login; ultimately the session variables get set at cookie setting
time, so I figured it was a good path to go here. I get that setting
the variables unchecked has risk of interception on the way back from
the API, but isn't that really the same risk as passing a password
through POST? I hope this passes, though, since I know that cookie
handling is a peeve of mine in Ruby, and I think others would like to
see this implemented, too. Thanks for looking at it.
Eddie
On Nov 2, 2007, at 6:48 PM, Yuri Astrakhan wrote:
Is setting session variables directly with the values provided by a
client safe? Shouldn't there be some check first? Just a thought,
need to double check.
--Yuri
On 11/2/07, Eddie Roger <eddieroger(a)gmail.com> wrote:
Roan,
Thanks. Hope this works.
Eddie
On 11/2/07, Roan Kattouw <roan.kattouw(a)home.nl> wrote:
Eddie Roger wrote:
But, being new to shared development like this, I've never
submitted anything before. How can I submit a patch?
Just e-mail it and I'll test and commit it for you.
Roan Kattouw
_______________________________________________
Mediawiki-api mailing list
Mediawiki-api(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-api