[Mediawiki-l] Re: Slowness Thread again

[N. M. Buzdor]

> ...
>   planning to convert Infinite Ink to a MediaWiki wiki in 2005

Very cool.  I used the articles you hosted for a big project two years ago.
Do you know you have about the only well-linked resource on CH and ~CH on
the web?  I'd be worried about making it a Wiki, but if you can properly
secure it from pseudo-mathematicians who claim they can square the circle,
then you're good!

May I ask two more questions of Brion Vibber and the gang regarding security
from the IE exploit?  How does ensuring the URL is canonical assure (even in
part) that what's returned can't be used to exploit IE; that is, how could a
malformed URL break the security if it's JavaScript on the page that's
responsible for kidnapping the browser session?  Secondly, are the three
links (index.php?title=-&action=raw&gen=js&smaxage=0,
index.php?title=User:xxx/monobook.css&action=raw&ctype=text/css, and
index.php?title=User:xxx/monobook.js&action=raw&ctype=text/javascript&dontco
untme=s) all merely for user preferences?  If so then could I conceivably
comment out not the security, but the references that send the browser off
on the wild goose chase in the first place?  While I like allowing users to
be able to set some basic settings, it's not worth the six weeks of not
having a wiki I've had so far and the long-term expectation of not working
with a host provider that only provides .htaccess level configuration for
subdomains.

--N. Buzdor, 1993 M.A. Pure Mathematics, University of Toledo