[Foundation-l] Cookie based blocking and bug #3233. A quick hack implemented on commons.

Jeffrey V. Merkey jmerkey at wolfmountaingroup.com
Tue Dec 12 06:30:34 UTC 2006



A better solution is to embed the MAC address of the workstation into 
the cookie itself, so you can track someone no matter what account
or IP they use.

Jeff


Gregory Maxwell wrote:


>A cookie is a piece of data stored by a website in your web browser
>and made available to that site when you use the site.  (see [[HTTP
>cookie]] for more info)
>
>For a while people have thought it would be useful to use cookies as
>part of our blocking system.  The idea is that when a user is blocked,
>mediawiki would give them a cookie to indicate that they are blocked.
>This would then inhibit them from editing even if they changed IPs.
>The primary limitation to this approach is that any terminologically
>savvy user could easily remove the cookie.
>
>There is a request filed for this feature
>(http://bugzilla.wikimedia.org/show_bug.cgi?id=3233) along with a
>patch, but this patch has not yet been merged into mediawiki.
>
>Because interest for this feature keeps reoccurring, I threw together
>a quick hack using javascript. This method of implementation allows us
>to experiment and gauge the value of the approach without distracting
>the core developers with more code to merge and support.
>
>This could be implemented by any admin on any of our wikis.
>http://commons.wikimedia.org/w/index.php?title=MediaWiki:Monobook.js&diff=prev&oldid=3757203
>
>Like all cookie based solutions, it is easy to bypass. Its primary
>disadvantage compared to the mediawiki patch is that it is not
>integrated with the block page, to activate a cookie based block you
>must make a separate edit to the target user's javascript.
>
>The current behavior blocks all uploads and edits by the impacted
>browser, but it would be fairly trivial to make the function more like
>regular blocking... or even more fine grained with per-namespace or
>per article blocks. The current behavior also renews the block for 24
>hours every time the user *views* a page while logged in as the
>blocked user. This too could be trivially changed.
>
>If anyone tries this out or improves it, please let me know. I pretty
>much learned javascript in order to do this.. and it only took about
>15 minutes to do, so don't expect it to work miracles but it should
>work as advertised.
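The cookie-based block described in the quoted message, modelled as an added example (this is not the Monobook.js change linked in the post). The cookie name, the `CookieJar` stand-in for the browser cookie store, the function names and the account name are assumptions made so the logic runs under Node.

```javascript
// Added illustration; every identifier here is hypothetical.
const BLOCK_COOKIE = "editblock";       // hypothetical cookie name
const BLOCK_MS = 24 * 60 * 60 * 1000;   // 24-hour renewal, as the post describes

// Minimal stand-in for the browser cookie store, with expiry handling.
class CookieJar {
  constructor() { this.items = new Map(); }
  set(name, value, expiresAt) { this.items.set(name, { value, expiresAt }); }
  get(name, now) {
    const c = this.items.get(name);
    if (!c || c.expiresAt <= now) { this.items.delete(name); return null; }
    return c.value;
  }
  clear() { this.items.clear(); }       // the user deleting their cookies
}

// Runs on every page view: a blocked, logged-in account (re)issues the cookie.
function onPageView(jar, userName, blockedUsers, now) {
  if (userName !== null && blockedUsers.has(userName)) {
    jar.set(BLOCK_COOKIE, userName, now + BLOCK_MS);
  }
}

// Runs before an edit or upload: refused while the cookie is live,
// whichever account or IP address the browser is using now.
function mayEdit(jar, userName, blockedUsers, now) {
  if (userName !== null && blockedUsers.has(userName)) return false;
  return jar.get(BLOCK_COOKIE, now) === null;
}

// Constructed scenario covering the behaviours named in the post.
function demo() {
  const blocked = new Set(["ExampleVandal"]);   // constructed account name
  const jar = new CookieJar();
  const hour = 60 * 60 * 1000;
  onPageView(jar, "ExampleVandal", blocked, 0);              // cookie issued
  const loggedOut = mayEdit(jar, null, blocked, 1 * hour);   // cookie follows the browser
  onPageView(jar, "ExampleVandal", blocked, 20 * hour);      // a view renews the window
  const afterRenew = mayEdit(jar, null, blocked, 30 * hour); // still inside renewed window
  const expired = mayEdit(jar, null, blocked, 45 * hour);    // renewed cookie lapsed at 44 h
  onPageView(jar, "ExampleVandal", blocked, 46 * hour);      // cookie issued again
  jar.clear();                                               // cookie removed client-side
  const cleared = mayEdit(jar, null, blocked, 46 * hour);    // the limitation the post names
  return { loggedOut, afterRenew, expired, cleared };
}
```

The last step shows why the post calls the approach easy to bypass: the block lives entirely in state the client controls, so it can only supplement server-side blocking.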