On Thu, Feb 19, 2009 at 12:30 PM, Thomas Dalton <thomas.dalton(a)gmail.com> wrote:
2009/2/19 Robert Rohde <rarohde(a)gmail.com>om>:
I think you are significantly overestimating the
difficulty. We
already have an API [1] and similar tools that allow one to accomplish
many similar tasks. For example, calling ?action=render will give you
a llive HTML version of any current page that could be wrapped in a
external site's own framing and stylesheets (though one would need to
rewrite the url roots in most cases). The API already has tools for
logging in and out while authenticating against WMF servers. And
there is even a write API, though I believe that is currently disabled
on the main sites.
Ideally, you would want to authenticate in a way that doesn't give the
middle-man access to plaintext Wikimedia passwords.
True, though under the current system a middle man in position of a
user authentication token could do exactly the same things to
Wikimedia as someone with the plaintext password. Which is a short
way of saying our system has never been built with much security in
mind.
-Robert Rohde