[Wikipedia-l] Script Kiddies/Panic Button
Daniel Mayer
maveric149 at yahoo.com
Wed Jul 31 02:18:30 UTC 2002
On Tuesday 30 July 2002 10:18 am, you wrote:
> Hi, everybody. I thought it's about time I joined the list.
>
> Instead of just a lockout button, why not also provide admins with the
> ability to:
>
> a) Limit edits to logged-in users, or
>
> b) Limit the frequency of edits to "one edit per minute" for any
> given user or any given IP
>
> (You could adjust the time value of one minute in option B above.)
>
> --Ed Poor
This seems like a reasonable alternative and should be considered -- however
this would probably require more work than allowing mere admins the ability
to use the existing database block feature now only available to developers.
But I digress... There has been several well reasoned posts about /not/
starting an arms race with vandals. Which would mean:
1) This feature would have to be given to admins in a hush-hush mannor and
act as a "secrete weapon" to use only as a last resort (however, any script
kiddy vandal with half a brain will scan all the mailing lists to find out
security details and will quickly find out about such a "weapon" and mount
counter-measures to circumvent it)
2) Or, this feature would be announced and open to act as some type of
deterrence to a script kiddy vandal (which is also would fail due to the
above).
I oftentimes (all-the-time?) overthink things and look too far ahead. So I
leave this debate to saner minds than mine for now. Do what you think is best
for the security of Wikipedia.
Maybe all we need is daily database snapshots sent to a few different secure
locations (perhaps more often if it doesn't become a performance issue).
Heck, send me a script to automate the process and I will download a daily
snapshot -- I have bandwidth to spare.
--mav
More information about the Wikipedia-l
mailing list