On Thu, Jul 23, 2009 at 8:50 PM, Happy-melon <happy-melon(a)live.com> wrote:
"Aryeh Gregor"
<Simetrical+wikilist@gmail.com<Simetrical%2Bwikilist@gmail.com>>
wrote in message
news:7c2a12e20907231051s638dd2f9v399ac2a79e185c02@mail.gmail.com...
On Thu, Jul 23, 2009 at 1:37 PM, Tim
Starling<tstarling(a)wikimedia.org>
wrote:
To help in the "proving trustworthy, or
else" process, I have released
the source code of Watchlistr - please take a look at it. You will see
that I take the utmost care in securing user information. The wiki
logins are encrypted with AES in our database. The key used to encrypt
each user's login list is their site username, which is stored as a
SHA1 hash in our database. If a cracker were to, somehow, gain access
to the database, they would be left with a pile of garbage.
They would only have to get the site usernames to decrypt the login
info. They could get those the next time each user logs in, if
they're not detected immediately. There's no way around this; if your
program can log in as the users, so can an attacker who's able to
subvert your program.
Or, since the set of registered Wikimedia users is both vastly smaller than
the superset of all possible usernames (remember it's restricted to users
with a global login AFAICT), and readily accessible through a
high-throughput API, a brute-force attack would be, if not trivial,
certainly extremely feasible.
As for the other solutions that were presented -
I was really trying
to create a cross-platform, cross-browser solution that would not
hinge on one particular technology. Javascript would be great, but
what if someone doesn't have JS enabled? OAuth and a read-only API
would be close-to-ideal, but they currently don't work with/don't
exist on the Wikimedia servers. I am, however, open to other workable
solutions that are presented - let me know.
I would suggest you apply for a toolserver account:
https://wiki.toolserver.org/view/Account_approval_process
Once you have a toolserver account, I'd be willing to work with you to
arrange for some form of direct access to all wikis' watchlist tables
(I'm a toolserver root). You then wouldn't need to possess any login
info.
This looks like a *much* more acceptable system. Although how would you
authenticate without collecting proscribed data...?
Let the user prove account ownership by a talk page edit. This was the way
Interiot used in his old edit counter... (is this one still active?)
Marco
--
VMSoft GbR
Nabburger Str. 15
81737 München
Geschäftsführer: Marco Schuster, Volker Hemmert