On 03/08/10 01:18, jidanni(a)jidanni.org wrote:
Say, I noticed on Wikia one can make a user an
administrator, even if he
has never logged in yet.
This exposes a security risk. A bureaucrat pre-makes some accounts for
future administrators, but before they establish accounts, somebody else
establishes an account with that name, and becomes an instant
administrator.
I'm wondering if the is a MediaWiki-wide bug, or just Wikia's.
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Yes this is MediaWiki wide, but in no way is it a bug. The feature is
there for various reasons, one I can think of off the top of my head is
bots, sysop bots. If a user is running a smaller wiki deployment, and
they need a sysop bot quickly, they do not want to have to wait around
for a while or put in a lot of work just to be able to give it that
needed bot flag..
Other examples are welcome :)