Hii!

> It would be easy enough to make the proxy functionality only work for
> specific URLs defined in a mediawiki message page. Tada: back to the
> same level of oversight and control that we already have.

What kind of change/revision management would those URLs have? Are
copies archived/saved on toolserver for every script that gets
uploaded to accessible area? :)

> Oh, and adding to Dschwen's initial point.. the code should remove any
> session cookie and replace it with a cookie indicating a confirmed
> username.

It doesn't help with session hijacking - you can still get cookie
values with javascript, and send xmlrequest anywhere you want.

> Any sysop can already insert scripts which call remote scripts which
> have ongoing communication by inserting script tags over and over
> again. It's kludgy but it works.

Yes, it is one of the current security problems, probably the global .js
rights have to be moved from sysops to stewards :), but at least we
can track who and when added what (revision histories!) - there's no
such audit trail on toolserver.

> It's also possible to use an invisible iframe as a request proxy off
> to another domain:
> http://blog.monstuff.com/archives/000304.html

You won't be able to read contents of that frame, nor get cookies,
nor modify anything in frame document's DOM.

> In terms of security profile adding a proxy wouldn't change anything..

Now you join the camp of the ignorant! :)

> but it would allow legitimate tool authors to avoid ugly kludges
> needed to work around the 'security behavior'.

The security behavior is to protect wikipedians.
BR
--
Domas Mituzas --
http://dammit.lt/ -- [[user:midom]]
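
The proxy restrictions proposed in the quoted text (an allowlist of URLs kept on a message page, and replacing session cookies with a confirmed-username cookie), as an added Python example that is not part of the original message or of any MediaWiki or toolserver code. The URLs, cookie names, `confirmed_user` and the revision id are constructed assumptions, the caller is assumed to have already verified the username, and the example drops every incoming cookie rather than only the session cookie.

```python
from http.cookies import SimpleCookie
from urllib.parse import quote

# Constructed stand-in for the text of the wiki message page (hypothetical URLs).
ALLOWLIST_PAGE = """\
# one approved script URL per line
https://tools.example.org/~alice/gadget.js
https://tools.example.org/~bob/lookup.php
"""


def parse_allowlist(page_text):
    """Return the set of exact URLs listed on the message page."""
    urls = set()
    for line in page_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            urls.add(line)
    return urls


def build_proxy_request(url, cookie_header, confirmed_username,
                        allowlist, allowlist_revision):
    """Return the outbound request description, or None if the URL is refused.

    Matching is exact: a prefix or host match would let an added path or
    query string reach something the page editors never reviewed.
    """
    if url not in allowlist:
        return None
    incoming = SimpleCookie()
    incoming.load(cookie_header)
    # Nothing the browser sent is forwarded; only the names are kept for the log.
    dropped = sorted(incoming.keys())
    return {
        "url": url,
        "headers": {"Cookie": "confirmed_user=" + quote(confirmed_username)},
        # Audit record: who asked for what, under which revision of the list.
        "audit": {"user": confirmed_username, "url": url,
                  "allowlist_revision": allowlist_revision,
                  "dropped_cookies": dropped},
    }


if __name__ == "__main__":
    allow = parse_allowlist(ALLOWLIST_PAGE)
    sent = "enwiki_session=abc123; enwikiUserName=Alice"  # constructed sample
    print(build_proxy_request("https://tools.example.org/~alice/gadget.js",
                              sent, "Alice", allow, 1001))
    print(build_proxy_request("https://other.example.net/x.js",
                              sent, "Alice", allow, 1001))
```

This only governs what the proxy forwards to the remote script; it does not change what a script already running in the page can read.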