In the interests of security, I removed special_asksqp.php from the live server. I didn't change anything else, so the link still appears for is_sysop, but is an error page now.
I think we should bring this function back, but...
1. Passwords should be encrypted in the database. In this way no one, not even me, can see them.
2. This function should be an is_developer function, so that we can freely hand out sysops even to people who might not know SQL at all -- or, like me, know just enough to be dangerous. :-)
In general, under the moral codes of Wikipedia social culture, we want to avoid the creation of hierarchies of power *over the content*. This doesn't imply, though, that developers shouldn't have some tools for researching problems, tools that aren't made generally available. The main thing is that we don't want there to ever be a method for some people to "pull rank" over a content debate _within the confines of the NPOV_.
(What I mean by that disclaimer: if a large group of people showed up one day insisting that the true purpose of Wikipedia is as a humor site, or as an exposition of the truth of their particular religion, etc., then I'd be very much in favor of "pulling rank" to stop them. But so long as the debater is even loosely attempting to comply with NPOV, all of us should be equal -- it's that power which keeps us all honest, I think.)
(As I've said on wikipedia-l and elsewhere, there's nothing wrong with a humor wiki or a Christian wiki or whatever. It's just that none of those things are Wikipedia.)
--Jimbo
On ven, 2002-03-29 at 17:02, Jimmy Wales wrote:
> In the interests of security, I removed special_asksqp.php from the live server. I didn't change anything else, so the link still appears for is_sysop, but is an error page now.
Thanks, I feel much safer now. :) The other thing that worries me is the permanent delete; if I have time I'll try to throw in the beginnings of a semi-permanent delete function (remove from cur table; keep in old). Thus deleted articles could still be fished out of old and restored by someone else with is_sysop status once a suitable interface for doing such is also added.
That should protect against accidental deletions or abuse of sysop privileges.
A permanent delete is still needed for potential copyright violations and other illegal materials that we wouldn't want distributed in the database dumps; a "flush" of unlinked old revisions from time to time should do it.
> I think we should bring this function back, but...
> - Passwords should be encrypted in the database. In this way no one, not even me, can see them.
Most definitely.
> - This function should be an is_developer function, so that we can freely hand out sysops even to people who might not know SQL at all -- or, like me, know just enough to be dangerous. :-)
Would it be safe to limit use to "select" statements for non-is_developer folks, so the curious could still explore the database?
-- brion vibber (brion @ pobox.com)
On 3/29/02 8:45 PM, "Brion L. VIBBER" brion@pobox.com wrote:
> Would it be safe to limit use to "select" statements for non-is_developer folks, so the curious could still explore the database?
My thoughts exactly. I'd even consider making sql-selecting available to any registered user (not just is_sysop or is_developer).
On ven, 2002-03-29 at 18:38, The Cunctator wrote:
> On 3/29/02 8:45 PM, "Brion L. VIBBER" brion@pobox.com wrote:
>> Would it be safe to limit use to "select" statements for non-is_developer folks, so the curious could still explore the database?
> My thoughts exactly.
Checked into CVS. (But the passwords are still plaintext. This'll need a scramble-all-passwords function added to updScheme.php, probably -- we don't want to lock people out of their accounts!)
> I'd even consider making sql-selecting available to any registered user (not just is_sysop or is_developer).
Could be done. (Just add "asksql" to $wikiAllowedSpecialPages, and take out the then-redundant check-user-privs-and-add-on-the-fly in wikiPage.php.)
Thoughts?
-- brion vibber (brion @ pobox.com)
wikitech-l@lists.wikimedia.org
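
The restriction discussed in this thread (SELECT-only access for ordinary users while passwords are still stored in plaintext), as an added example that is not code from the Wikipedia code base. It uses Python's sqlite3 authorizer hook in place of the site's PHP and database; the `user_password` column name, the table layouts and the rows are constructed assumptions.

```python
import sqlite3

# Columns that must never be readable through the query page (assumed names).
SECRET_COLUMNS = {("user", "user_password")}

def authorizer(action, arg1, arg2, db_name, source):
    """Called by SQLite while it compiles each statement."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:
        # For SQLITE_READ, arg1 is the table and arg2 the column being read.
        if (arg1, arg2) in SECRET_COLUMNS:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    # Everything else is refused: INSERT, UPDATE, DELETE, DROP, PRAGMA,
    # ATTACH, and (in this narrow version) SQL function calls too.
    return sqlite3.SQLITE_DENY

def restricted_connection():
    """Build a constructed sample database, then lock the connection down."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user (user_name TEXT, user_password TEXT);
        CREATE TABLE cur (cur_title TEXT, cur_text TEXT);
        INSERT INTO user VALUES ('ExampleUser', 'constructed-plaintext');
        INSERT INTO cur VALUES ('Main_Page', 'constructed text');
    """)
    db.set_authorizer(authorizer)
    return db

def ask_sql(db, query):
    """Return (True, rows) or (False, reason) for a user-supplied query."""
    try:
        return True, db.execute(query).fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return False, str(exc)

if __name__ == "__main__":
    db = restricted_connection()
    for q in ("SELECT cur_title FROM cur",
              "SELECT * FROM user",
              "SELECT user_name FROM user WHERE user_password > 'a'",
              "DELETE FROM cur"):
        print(q, "->", ask_sql(db, q))
```

The check runs on the compiled statement, so a secret column is refused even when it appears only in a WHERE clause or behind `SELECT *`, which a test for the word "select" in the query text would not catch. On a server database the same effect comes from running the query page under a separate account whose grants are read-only and omit the password column.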