[Foundation-l] mirroring a portion of the wikipedia

Robert Rohde rarohde at gmail.com
Thu Feb 19 21:19:53 UTC 2009


On Thu, Feb 19, 2009 at 12:30 PM, Thomas Dalton <thomas.dalton at gmail.com> wrote:
> 2009/2/19 Robert Rohde <rarohde at gmail.com>:
>> I think you are significantly overestimating the difficulty.  We
>> already have an API [1] and similar tools that allow one to accomplish
>> many similar tasks.  For example, calling ?action=render will give you
>> a llive HTML version of any current page that could be wrapped in a
>> external site's own framing and stylesheets (though one would need to
>> rewrite the url roots in most cases).  The API already has tools for
>> logging in and out while authenticating against WMF servers.  And
>> there is even a write API, though I believe that is currently disabled
>> on the main sites.
>
> Ideally, you would want to authenticate in a way that doesn't give the
> middle-man access to plaintext Wikimedia passwords.

True, though under the current system a middle man in position of a
user authentication token could do exactly the same things to
Wikimedia as someone with the plaintext password.  Which is a short
way of saying our system has never been built with much security in
mind.

-Robert Rohde



More information about the foundation-l mailing list