The only problem, AFAIK, is that someone on #mediawiki said that our current token generation mechanism (User::generateToken( )) is teh crap, and suggested a better way. Otherwise, my original idea was to use the existing token mechanism, like email confirmations use.
It isn't private as user.user_realname should be; however, it still can be kept reasonably private by having a mechanism to generate a new token, even if an existing one already exists.
-----Original Message----- From: Rob Church [mailto:robchur@gmail.com] Sent: Monday, March 12, 2007 6:16 AM To: Wikimedia developers Subject: Re: [Wikitech-l] RSS feeds for watchlists
On 12/03/07, Titoxd@Wikimedia titoxd.wikimedia@gmail.com wrote:
Anyways, what do you all think? Comments? Flamebait?
What's the problem with using the existing token mechanism, salted with a particular value, e.g. for watchlists? The salting code is there and it's all available.
Watchlist data isn't "private" in the sense that we need to protect it at all costs; if it *does* leak out, no-one's going to care that much...you're not really gaining access to anything hideously confidential, are you?
Rob Church