[Mediawiki-l] made an administrator who hasn't yet established an account

Lewis Cawte lewiscawte at googlemail.com
Tue Aug 3 00:22:36 UTC 2010


On 03/08/10 01:18, jidanni at jidanni.org wrote:
> Say, I noticed on Wikia one can make a user an administrator, even if he
> has never logged in yet.
>
> This exposes a security risk. A bureaucrat pre-makes some accounts for
> future administrators, but before they establish accounts, somebody else
> establishes an account with that name, and becomes an instant
> administrator.
>
> I'm wondering if the is a MediaWiki-wide bug, or just Wikia's.
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>    
Yes this is MediaWiki wide, but in no way is it a bug. The feature is 
there for various reasons, one I can think of off the top of my head is 
bots, sysop bots. If a user is running a smaller wiki deployment, and 
they need a sysop bot quickly, they do not want to have to wait around 
for a while or put in a lot of work just to be able to give it that 
needed bot flag..

Other examples are welcome :)



More information about the MediaWiki-l mailing list