On 1/4/11 12:21 PM Neil Kandalgaonkar wrote:
On 1/4/11 12:51 PM, Platonides wrote:
I don't see how FS authentication is useful
there.
All authentication would be performed by mediawiki, with a master
credential such as $wgDBpassword. MediaWiki shouldn't need to send the
media server a user password!
Nobody said we'd be sending user passwords over to a media server. Most
of the time, even regular MediaWiki servers don't need to see passwords.
They just need some means to authenticate the session cookie.
But like I said we don't have very firm plans about how we would do
authentication.
This was just a counter-point to the statement "authentication is really
a nice-to-have for Commons or Wikipedia right now".
(NB sysops
should be able to remove goatses from forum avatars...)
Yeah. Avatars can be tricky. Also to be pedantically correct you want to
have some guard against impersonation (using same icon, and maybe adding
unicode space characters or other trivial changes to username).
The last one _should_ already be handled by AntiSpoof.
(Although there is, for instance, an open bug about ZWJ, any takers?)