Re: [Wikitech-l] Watchlistr.com, an outside site that asks for Wikimedia passwords

On Wed, Jul 22, 2009 at 7:07 PM, Sage Ross<ragesoss+wikipedia(a)gmail.com> wrote: I think the thing to do about it is block it at the firewall and tell the user to immediately delete all the data they gathered and never do anything like it again. We aren't even just talking about malice here, if someone else compromises the server they could get access to a whole bunch of admin accounts if it becomes popular. The proper way to handle this would either be some form or other of software support, or use a toolserver tool with direct database access. On Wed, Jul 22, 2009 at 7:59 PM, David Gerard<dgerard(a)gmail.com> wrote: Toolserver projects are forbidden from asking users for login info. However, the watchlist tables are replicated to the toolserver, just not made available to unprivileged users. If a user wanted to make a script like this, it would be simple to give special access to the tables to allow it (possibly restricted in such a fashion that the script author didn't get access, only his vetted code). The tool could deal with authentication by, e.g., giving the user an autogenerated URL and a confirmation code to add to a magic user subpage (it could check what user created the page). On Wed, Jul 22, 2009 at 10:40 PM, Happy-melon<happy-melon(a)live.com> wrote: Greasemonkey is far from ideal. It only works on the computer you install it on, and only works for Firefox users.