[WikiEN-l] [Wikitech-l] Watchlistr.com, an outside site that asks for Wikimedia passwords
wjhonson at aol.com
wjhonson at aol.com
Thu Jul 23 21:57:16 UTC 2009
That's interesting.? Someone signs up with service X to pull details from your service Y that perhaps you don't want the world to know.? Like that you've watchlisted Oral Sex.
How do I, as service X make sure that you as Service Y actually have the user's approval for this pulling of my data ?
Seems like, in-project we would need some sort of user-embedded flag to say "Talk with service Y it's OK!"? That would be the only secure way to do it, wouldn't it?
Will Johnson
-----Original Message-----
From: David Gerard <dgerard at gmail.com>
To: English Wikipedia <wikien-l at lists.wikimedia.org>
Sent: Thu, Jul 23, 2009 11:56 am
Subject: Re: [WikiEN-l] [Wikitech-l] Watchlistr.com, an outside site that asks for Wikimedia passwords
Update: The developer of watchlistr is now discussing on wikitech-l
how to do this on the toolserver, and how to authenticate without
passwords being saved on the toolserver (which is not allowed).
Further detail no doubt to come :-)
- d.
2009/7/22 David Gerard <dgerard at gmail.com>:
> fyi
> From: Sage Ross <ragesoss+wikipedia at gmail.com>
> Date: 2009/7/22
> Subject: [Wikitech-l] Watchlistr.com, an outside site that asks for
> Wikimedia passwords
> To: wikitech-l at lists.wikimedia.org
> I'm not sure what to do about this; it seems like a good idea but a
> major security risk:
> http://www.watchlistr.com/ is a site that creates aggregate watchlists
> across multiple projects. See
> http://en.wikipedia.org/w/index.php?title=Wikipedia:Bounty_board#Transwiki_watchlist_tool
_______________________________________________
WikiEN-l mailing list
WikiEN-l at lists.wikimedia.org
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
More information about the WikiEN-l
mailing list