On Wed, 16 May 2012 11:27:21 -0700, Daniel Renfro <drenfro(a)vistaprint.com>
wrote:
> Can someone explain the reason for the limitations for the JSON
> callbacks? I'm sure there are good reasons, but they're nonobvious to me.
>
> See: <https://www.mediawiki.org/wiki/API:Data_formats#JSON_callback_restrictions>
>
> -Daniel (User:DanielRenfro)

JSON callbacks can be initiated by 3rd party websites. Allowing JSON
callbacks to act as the logged in user would allow any website on the
internet to extract information that is supposed to be private and
potentially make unauthorized write actions on the wiki.
Private wiki content could be extracted. Articles could be edited in your
name. And up till recently it would have also been possible to make some
preferences changes that would effectively let someone take over your
whole account.
--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
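
The restriction explained in the reply above, as an added example that is not part of the original thread and not MediaWiki's own code: a hypothetical handler that serves any request carrying a `callback` parameter as an anonymous user and refuses write actions. The action names, error codes, session data and callback pattern are assumptions made for the illustration.

```javascript
// Added example: a hypothetical API handler, not MediaWiki's own code.
// Constructed sample data: one logged-in session and two pages.
const SESSIONS = new Map([["sess-abc", { name: "Alice", token: "tok-123" }]]);
const PAGES = new Map([
  ["Main_Page", { private: false, text: "Welcome" }],
  ["Staff_Notes", { private: true, text: "internal only" }],
]);
const WRITE_ACTIONS = new Set(["edit", "options"]);
// Assumed rule: a callback must look like a plain JavaScript identifier path.
const SAFE_CALLBACK = /^[A-Za-z_$][\w$.]{0,63}$/;

function respond(payload, callback) {
  const json = JSON.stringify(payload);
  return callback
    ? { type: "text/javascript", body: `${callback}(${json})` }
    : { type: "application/json", body: json };
}

function handleApiRequest({ query = {}, cookies = {} }) {
  const { action, callback } = query;
  const isJsonp = callback !== undefined;
  if (isJsonp && !SAFE_CALLBACK.test(callback)) {
    return respond({ error: "badcallback" });
  }
  // The browser attaches the user's cookies to a <script src=...> request
  // made from any site, and that site receives the callback's argument.
  // So a callback request is served as an anonymous user, cookies ignored.
  const user = isJsonp ? null : SESSIONS.get(cookies.session) || null;

  if (WRITE_ACTIONS.has(action)) {
    if (isJsonp) return respond({ error: "callback-write-denied" }, callback);
    if (!user) return respond({ error: "notloggedin" });
    if (query.token !== user.token) return respond({ error: "badtoken" });
    return respond({ ok: true, by: user.name });
  }
  if (action === "read") {
    const page = PAGES.get(query.title);
    if (!page) return respond({ error: "missingtitle" }, callback);
    if (page.private && !user) {
      return respond({ error: "permissiondenied" }, callback);
    }
    return respond({ title: query.title, text: page.text }, callback);
  }
  return respond({ error: "unknownaction" }, callback);
}
```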