"Brion Vibber" <brion(a)pobox.com> wrote in
message news:458B072A.6010108@pobox.com...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mark Clements wrote:
> Yes, but the transwiki is an _import_, not an _export_ process (i.e. you
> perform the operation from the target wiki), so how can this process
perform
> the remote delete without compromising security?
>
> Perhaps I do not understand how transwiki works. Is it possible for me,
on
my private
wiki, to set up WP as an import source for transwiki?
Yes.
Well, in that case it would be very dangerous if the import option allowed
importers to delete from the source wiki, and single-user sign-on does not
help in this case. Either the user isn't verified, in which case users of
the remote wiki can delete WP content willy nilly (even if not registered),
or the importer has to enter their Wikipedia username & password at the
target wiki, and thus give these details to the administrator of that wiki
(or a malicious extension writer).
- Mark Clements (HappyDog)