We should consider some edge cases like:
* More than two accounts with exactly same email and password. -> In this case, which account should be chosen for logged-in? Maybe account selector could be one of the answers.
* If there's a 42 accounts with same email. -> Should mediawiki try to check password forty two times? It will takes _very_ long time as enough to cause gateway timeout. Which means nobody can log in to that account. -> To avoid timing attack completely, should mediawiki calculate hash of all users forty two times as same as above user?
2015-02-20 8:58 GMT+09:00 phoebe ayers phoebe.wiki@gmail.com:
Hi all,
I'm the one who started that bug-now-task a while back, and for context, it was based directly on user feedback. What MzM says above is right. I was working with a casual (but quite good) editor who said to me "well, I'd edit that Wikipedia page, but I don't edit very often and I can never remember what my login is, since my usual login was taken. But if I could enter my email address, it would be a lot easier and I'd be more likely to just do it."
Struck by the idea that this was a barrier to editing, I asked around and got similar feedback from other people, for both public and private mediawikis. So I submitted the bug for consideration. I know it's difficult and there's been a lot of discussion on how to technically do it, but I think the underlying need definitely still exists.
thanks, Phoebe
On Thu, Feb 19, 2015 at 4:54 AM, Tony Thomas 01tonythomas@gmail.com wrote:
Hello,
Before someone starts with a proposal for the proposed-tech-project 'Allow user login with e-mail address'[1], is there still community consensus for the same ? I personally think its a must-have for MediaWiki, as e-mail address is easy to remember than a complex username. Currently multiple users can sign-up with the same e-mail id - which would possibly be a blocker, and can be fixed. Thanks to MzMcbride, we have an RFC[2] too on the same.
[1] https://phabricator.wikimedia.org/T30085 [2] https://www.mediawiki.org/wiki/Requests_for_comment/Login_via_e-mail_address
Thanks, Tony Thomas http://tttwrites.wordpress.com/ FOSS@Amrita http://foss.amrita.ac.in
*"where there is a wifi, there is a way"* _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
--
- I use this address for lists; send personal messages to phoebe.ayers
<at> gmail.com *
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l