"John Vandenberg" jayvdb@gmail.com wrote in message news:deea21830709111813t3fecc34fwfdd3d4a3524e5835@mail.gmail.com...
On 9/12/07, Thomas Dalton
thomas.dalton@gmail.com wrote:
If we want to get around that, when the mediawiki software constructs a real URL from an internal link that uses these additional params, it could also embed a token to be used to verify that the link came from an internal link rather than a foreign site. The token would need to be a moving target to prevent foreign sites being able to use it.
Since wikis are, by their very nature, editable, I don't think we can trust internal links any more than we trust external ones.
We could limit URL parameters to pages that are protected, or add another bit somewhere to indicate that the page knows how to deal with incoming params and is under admin supervision.
This seems like over-complicating the issue.
- Mark Clements (HappyDog)