Aryeh Gregor wrote:
I don't think so. I think it's completely
reasonable, when talking
about Wikipedia. Hackers go after money, and there's no money in
hacking Wikipedia. We have nothing secret or valuable that's not
already readily available. We have no black-market competitors who
want to try disrupting our service. Any malicious action could be
easily reversed. The worst we have to worry about is someone with a
grudge trying to frame someone else, which has happened, but it's
hardly a pressing concern.
Facebook has been having issues with compromised accounts that send out
spam, either through Facebook messages or Wall posts. This doesn't
completely refute your point, but it is a pretty good example of bad users
going after readily available, free-to-make accounts in order to misuse
them.
Upon promotion, the user should be required to
re-enter their
password before they get access to elevated privileges, and
change it if it's not secure enough.
It would be much easier and convenient to check the password upon login.
It makes much more sense to remove the option and let
people
use the API or custom JavaScript or a browser extension if they
want to use an external editor.
So that a local wiki admin can add the custom JavaScript as a gadget and the
preference can ultimately move from one tab to another? :-)
Tgr wrote:
A totalitarian government going after checkuser access
is not
an unimaginable scenario either.
Yes, it is.
MZMcBride