[Foundation-l] mirroring a portion of the wikipedia

Platonides Platonides at gmail.com
Thu Feb 19 22:24:05 UTC 2009


Robert Rohde wrote:
> True, though under the current system a middle man in position of a
> user authentication token could do exactly the same things to
> Wikimedia as someone with the plaintext password.  Which is a short
> way of saying our system has never been built with much security in
> mind.
> 
> -Robert Rohde

You could make them authenticate against wikipedia and send edits
directly to wikipedia (eg. AJAX). With no password handling from the
other site*. However, it still places the remote site in a place where
it is able to automatically revert a page or perform an edit on
wikipedia without the (wikipedia logged-in) visitor even noticing it.

basedrop: My advice is to just include the content, making the edit link
point to wikipedia instead of trying to integrate edition into your site.


*If you integrate wikipedia login with the external site, how would you
prevent the external site to change to a 'grab password' system?




More information about the foundation-l mailing list