On Fri, Mar 15, 2013 at 7:44 AM, Amgine <amgine.saewyc(a)gmail.com> wrote:
Several questions:
# Will the action=createaccount be disabled by default?
No, it's enabled by default.
Note that action=createaccount itself landed a few weeks ago; I'm just
adding the captcha support.
# If enabled, is the action=createaccount reserved to
a specific user
group?
action=createaccount calls into LoginForm for the actual user creation;
it's the same code as creating an account on the web interface and should
use the same permissions.
# At first blush this appears to be designed to enable
xrumer bruting.
Have you considered adding optional single-use otf image creation for
fancy captcha, which would be more cost effective on small wikis?
Brute-forcing captchas on the createaccount API should be exactly as
easy/difficult as brute-forcing on the createaccount form.
I have not explored new captcha engines or techniques; that would be
interesting to explore but is out of scope for me right now.
# There are several private modules for ConfirmEdit,
as well as sites
using different captchas based on ConfirmEdit (Asirra?) How might this
interact with a site using a different (non-supported) captcha module?
If the module implements the addCaptchaAPI method -- already existing for
some time and used by action=edit and action=login -- then it should work
with action=createaccount as well.
-- brion