Hello,
Am Sonntag, den 27.08.2006, 04:07 +0200 schrieb Purodha B Blissenbach:
If there is the rule not to ask for user account data,
of course
I'm going to follow that, even if i might mean that one of my
planned tools canot be hosted on toolserver.
This is my current state of thought:
(1) [Historic facts. Skip if in hurry] When we made the transit
from the Ripuarian Test Wikipdia on
http://dergruenepunk.de/ to
the wWikimedia Server cluster, we had to transfer user accounts,
including credits for edits.
I created a little tool, that asked for user name and password on
BOTH servers, tried to simultanously login on both of them, and,
if sucessfull, noted only the two user names on each server as
being owned by the same person.
I hated the idea of having to ask for passwords. I had the tool
on https capable server though, so they were fairly save, and of
course never stored anywhere but in memory or http requests.
I have no idea, how the identity of the users could have been
established otherwise - assuming that hashed and seeded passwords
could not be copied from one server to another, leaving alone the
fact, that none of the admins had the necessary access privileges
to do that.
I think, we can a exception for this, when this tool has a planed
timespace of running and you pledge to not save these passwords in any
form.
(2) I am planning a tool to 'bulk' insert redirects for spelling
variants, such as /colou?r/ i.e. /(color|colour)/ or slightly more
complicated ones. ;-) There are way more than 100 dialects in the
Ripuarian Wikipedia, and currently the only way to handle their
variations is by sets of redirects.
I was planning to grant registered users access to the tool, and
have the tool insert redirects in their names, so as to establish
proper credit for the work, and possibly trace troll activity,
respecively allow admins and experienced users to individually
support users making mistakes.
Also here, I do not like the idea of asking for passwords and
having to pass them on, but cannot imagine how else the (imho
valid) goal could be reached otherwise.
I have no problem to use another host for that tool, should that
be an acceptable option, but hat is not my intention in the first
place, of course.
Not attributing generated redirects to the proper user is imho
a bad idea. Tell me why I'm wrong ;-) Allowing only admins, etc.
it too big a burdon, and does not remove the need to authenticate.
mm, I don't think it's a good idea to run a bot in a user-context,
because it is harder to block, when it's out of controll. The secound
point is, that it fake the edit-count of a user.
So if you realy like to run this tool, please use another server.
Greetings.
Purodha
Sincerly,
DaB.
--
Blog:
http://www.wp-blog.de | PGP: 2D3EE2D42B255885