On Sun, Aug 14, 2011 at 12:21 PM, Krinkle <krinklemail(a)gmail.com> wrote:
The API has been around for a while now and many
scripts even started to
assume it's presence by default.
What we'd like to know: Do you have one of these configuration variables
set to false on your wiki ? And if so, what is the reason for this. We'd
like to collect some information and motivation on this so that we can make
a better decision at removing these and/or helping in finding a solution
(if needed) to the problem that is currently being solved by setting these
variables to false.
Back when the API was still new and exciting, we kept it off on some
Wikimedia wikis (and the write mode on a few more), especially for sensitive
private wikis while it was unsure whether authentication was working
properly.
For quite some time however they've been set to on for all Wikimedia wikis,
including internal/private ones.
New front-end code is generally assuming the API is on all the time in
read-write mode and doesn't necessarily bother to check, as the few old
things using the sajax interface etc have mostly been moved over to use the
main API.
We've probably got no reason to ever disable these settings, except perhaps
as a quick-fix to disable the entire API entry point until installation of a
security fix -- in which case we'd probably *not* want it to go fiddling
around all our HTML output to end up caching non-AJAX versions of things.
-- brion