This is true but I don't understand why we can't have something like OAuth for applications. I don't think it should be something complex. User would just generate some "token" in mediawiki interface that would be some long string which they would give to application, which would then login to mediawiki using this string instead of username + password combination.
This would be probably more secure than giving a password to it. This is probably worth of separate wikitech thread.
Regarding the original topic: I think that this "tag" ability would be useful but only as long as regular users can use these tags to filter out selected edits from recent changes and similar. Otherwise it would be only useful for tech people.
On Wed, Feb 11, 2015 at 2:59 PM, Ricordisamoa ricordisamoa@openmailbox.org wrote:
Il 11/02/2015 14:07, This, that and the other ha scritto:
"Chris Grant" wrote in message news:CAF_zKbp-aBGzGcy4LQQvbTXUr-2tjO8OpmbwxtROsfvihuc_fg@mail.gmail.com...
On 11 Feb 2015 17:57, "Petr Bena" benapetr@gmail.com wrote:
As I said, I belive that any registered user should be able to use, with no need for permissions as I see no way to abuse it.
If anyone can use it, wouldn't the smarter vandals just use it to avoid the RC patrollers?
How does a user prove that they're using a particular tool a way that can't be faked? Something like OAuth comes to mind. All edits made via an OAuth consumer are already tagged with a unique tag, and I would assume that it is not possible to falsely represent an OAuth consumer.
I'm not sure whether this could work for common tools like AWB or Twinkle, though:
- I don't know whether OAuth works for client-side downloadable programs
like AWB.
AFAIK the OAuth extension cannot work for them by design, see https://www.mediawiki.org/wiki/OAuth/For_Developers#Intended_Users.
- JavaScript tools edit as the user from the user's browser, and as such,
OAuth is not relevant to them. In any case, anything they do (like adding a specific string to edit summaries, adding a tag to their edits, or the like) can be easily spoofed or faked by a tech-savvy user.
Before change tagging could be used as a way to *filter out* particular tool edits (as opposed to being simply a way of identifying revisions that satisfy some criterion) the RC tag filter would need to be improved.
(I'm not pretending that change tagging is the only solution for Petr's "tool edits" idea: I just think it is the most likely candidate for implementing something like this.)
TTO
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l