[WikiEN-l] Re: vandalism
Richard Grevers
lists at dramatic.co.nz
Sun May 18 19:55:20 UTC 2003
On Sun, 18 May 2003 08:04:56 -0700 (PDT), koyaanis qatsi
<obchodnakorze at yahoo.com> gave utterance to the following:
> Erik writes:
>> I think we're still talking past each other.
>> Banned IP addresses can login, but they
>> cannot edit, even if they're logged in. The
>> IP address of the user in question (Stick)
>> is not banned.
>
> Yes. We're talking past each other. What I'm saying
> is that a banned IP that tries to access the "login"
> page, regardless of whether it's logged in already,
> could be served a 404. This could prevent people like
> Michael or yesterday's vandal from coming back with
> several different usernames. Again, I'm not sure if
> this is a good or bad idea--there may be other, bad
> results as well.
>
Given that any form POST of a reasonable length can have a GET substituted
for it, it is easy to bookmark an URL which replicates the form submission
and never requires the login page to be served. (I won't post that here but
will explain off list if required).
Actually I've always wondered why non-logged users didn't see a quick login
form on the Wikipedia home page.
--
Richard Grevers
I am a nobody - nobody is perfect - therefore I am perfect.
More information about the WikiEN-l
mailing list