Dang. Oh well. I'm attempting this through Ruby methods, so I'll have to get out some old cookie handling code to deal. Thanks for the answer.
On Dec 4, 2007 9:29 AM, Roan Kattouw roan.kattouw@home.nl wrote:
Eddie Roger wrote:
but I don't understand the benefit of just using cookies versus using tokens, especially for robots. I'm not questioning Brion's decision, just wondering if there was explanation.
The login token thing was insecure, because someone could sneak in a URL like:
api.php?action=something&...&lgtoken=123ABC
With lgtoken being a valid login token, assigned to the attacker's session. That would force the victim to take over the attacker's session, and possibly get his IP autoblocked.
Also, I don't understand how to implement his suggestion - is that just with cookies now?
Yep, just cookies. See here [1] for an example of how to log in using PHP and Snoopy.
Roan Kattouw (Catrope)
[1] http://lists.wikimedia.org/pipermail/mediawiki-api/2007-October/000117.html
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-api
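Added example, not part of the original thread and not MediaWiki's code: a simplified Ruby model of the session-selection problem described in the quoted reply, comparing a resolver that honours lgtoken from the URL with one that reads only the cookie. The session store, the cookie name `session`, the host `wiki.example`, the sample token values and all function names are assumptions made for illustration.

```ruby
require "uri"

# Constructed session store: token => logged-in user (hypothetical, not MediaWiki's storage).
SESSIONS = { "123ABC" => "attacker", "VICTIM9" => "victim" }.freeze

# Constructed request: the victim's browser holds its own cookie, but the
# link it was given carries a token that belongs to someone else's session.
CRAFTED_URL    = "http://wiki.example/api.php?action=something&lgtoken=123ABC"
VICTIM_COOKIES = { "session" => "VICTIM9" }.freeze

# Parse the query string of a URL into a hash of parameters.
def query_params(url)
  URI.decode_www_form(URI(url).query.to_s).to_h
end

# Modelled old behaviour: a token in the URL selects the session and
# takes precedence over the cookie the browser actually sent.
def resolve_with_url_token(url, cookies)
  token = query_params(url)["lgtoken"] || cookies["session"]
  SESSIONS[token]
end

# Cookie-only behaviour: request parameters are never consulted for
# session identity, so a link cannot switch the caller's session.
def resolve_cookie_only(_url, cookies)
  SESSIONS[cookies["session"]]
end

# Log-review helper: flag request URLs that still carry a session token
# parameter, which should not occur once clients use cookies only.
def token_in_url?(url)
  query_params(url).key?("lgtoken")
end

if __FILE__ == $PROGRAM_NAME
  puts "URL-token resolver acts as: #{resolve_with_url_token(CRAFTED_URL, VICTIM_COOKIES)}"
  puts "Cookie-only resolver acts as: #{resolve_cookie_only(CRAFTED_URL, VICTIM_COOKIES)}"
  puts "Token present in URL: #{token_in_url?(CRAFTED_URL)}"
end
```
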