The token need not be globally unique. It just needs to be sufficiently random, since the token will accompany the username in the URL. Arguably, this is less secure than a globally unique token, but even Google's "private" feeds have the username in the URL. A sufficient "random" token can be generated by performing an MD5 against of the current time and the user id, which I have done with WikiFeeds.
Greg
On 3/12/07, Titoxd@Wikimedia titoxd.wikimedia@gmail.com wrote:
The only problem, AFAIK, is that someone on #mediawiki said that our current token generation mechanism (User::generateToken( )) is teh crap, and suggested a better way. Otherwise, my original idea was to use the existing token mechanism, like email confirmations use.
It isn't private as user.user_realname should be; however, it still can be kept reasonably private by having a mechanism to generate a new token, even if an existing one already exists.
-----Original Message----- From: Rob Church [mailto:robchur@gmail.com] Sent: Monday, March 12, 2007 6:16 AM To: Wikimedia developers Subject: Re: [Wikitech-l] RSS feeds for watchlists
On 12/03/07, Titoxd@Wikimedia titoxd.wikimedia@gmail.com wrote:
Anyways, what do you all think? Comments? Flamebait?
What's the problem with using the existing token mechanism, salted with a particular value, e.g. for watchlists? The salting code is there and it's all available.
Watchlist data isn't "private" in the sense that we need to protect it at all costs; if it *does* leak out, no-one's going to care that much...you're not really gaining access to anything hideously confidential, are you?
Rob Church
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/wikitech-l