That's interesting.? Someone signs up with service X to pull details from your
service Y that perhaps you don't want the world to know.? Like that you've
watchlisted Oral Sex.
How do I, as service X make sure that you as Service Y actually have the user's
approval for this pulling of my data ?
Seems like, in-project we would need some sort of user-embedded flag to say "Talk
with service Y it's OK!"? That would be the only secure way to do it,
wouldn't it?
Will Johnson
-----Original Message-----
From: David Gerard <dgerard(a)gmail.com>
To: English Wikipedia <wikien-l(a)lists.wikimedia.org>
Sent: Thu, Jul 23, 2009 11:56 am
Subject: Re: [WikiEN-l] [Wikitech-l]
Watchlistr.com, an outside site that asks for
Wikimedia passwords
Update: The developer of watchlistr is now discussing on wikitech-l
how to do this on the toolserver, and how to authenticate without
passwords being saved on the toolserver (which is not allowed).
Further detail no doubt to come :-)
- d.
2009/7/22 David Gerard <dgerard(a)gmail.com>om>:
fyi
From: Sage Ross <ragesoss+wikipedia(a)gmail.com>
Date: 2009/7/22
Subject: [Wikitech-l]
Watchlistr.com, an outside site that asks for
Wikimedia passwords
To: wikitech-l(a)lists.wikimedia.org
I'm not sure what to do about this; it seems like
a good idea but a
major security risk:
http://www.watchlistr.com/ is a site that creates aggregate watchlists
across multiple projects. See
http://en.wikipedia.org/w/index.php?title=Wikipedia:Bounty_board#Transwiki_…
_______________________________________________
WikiEN-l mailing list
WikiEN-l(a)lists.wikimedia.org
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l