Aryeh Gregor wrote:
I don't think so. I think it's completely reasonable, when talking about Wikipedia. Hackers go after money, and there's no money in hacking Wikipedia. We have nothing secret or valuable that's not already readily available. We have no black-market competitors who want to try disrupting our service. Any malicious action could be easily reversed. The worst we have to worry about is someone with a grudge trying to frame someone else, which has happened, but it's hardly a pressing concern.
Facebook has been having issues with compromised accounts that send out spam, either through Facebook messages or Wall posts. This doesn't completely refute your point, but it is a pretty good example of bad users going after readily available, free-to-make accounts in order to misuse them.
Upon promotion, the user should be required to re-enter their password before they get access to elevated privileges, and change it if it's not secure enough.
It would be much easier and convenient to check the password upon login.
It makes much more sense to remove the option and let people use the API or custom JavaScript or a browser extension if they want to use an external editor.
So that a local wiki admin can add the custom JavaScript as a gadget and the preference can ultimately move from one tab to another? :-)
Tgr wrote:
A totalitarian government going after checkuser access is not an unimaginable scenario either.
Yes, it is.
MZMcBride