On 1/4/11 12:21 PM Neil Kandalgaonkar wrote:
On 1/4/11 12:51 PM, Platonides wrote:
I don't see how FS authentication is useful there. All authentication would be performed by mediawiki, with a master credential such as $wgDBpassword. MediaWiki shouldn't need to send the media server a user password!
Nobody said we'd be sending user passwords over to a media server. Most of the time, even regular MediaWiki servers don't need to see passwords. They just need some means to authenticate the session cookie.
But like I said we don't have very firm plans about how we would do authentication.
This was just a counter-point to the statement "authentication is really a nice-to-have for Commons or Wikipedia right now".
(NB sysops should be able to remove goatses from forum avatars...)
Yeah. Avatars can be tricky. Also to be pedantically correct you want to have some guard against impersonation (using same icon, and maybe adding unicode space characters or other trivial changes to username).
The last one _should_ already be handled by AntiSpoof. (Although there is, for instance, an open bug about ZWJ, any takers?)