Brianna Laugher <brianna.laugher <at> gmail.com> writes:
I can imagine someone building an alternative edit interface for a
subset of Wikipedia content, say a WikiProject. Then the interface can
strip away all the general crud and just provide information relevant
to that topic area.

That can be done without giving out a password, via JavaScript interfaces and
cross-domain AJAX calls to the API. It would require a modern browser and some
sort of permission (I'm not sure whether it has to be given in the browser or in
the HTTP headers sent by wikipedia.hu), but is solid from a security point of
view: you log in at wikipedia.org, get a session cookie, go to 3rdparty.org, the
script loaded by your browser sends API requests to wikipedia.org and the
browser attaches the cookie to them automatically, but 3rdparty.org cannot
access them due to the browser's domain-based security rules. The worst it could
do is misuse your account as long as you have the page open in your browser...
not very dangerous. And the site is named in the referer of the AJAX request and
can be easily filtered out if it's problematic.
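
The permission and filtering steps described in the message above, seen from the API server's side, as an added example that is not part of the original post or of any Wikimedia code. The `policy` object, the function names and the host `abusive.example` are hypothetical; the headers are the standard CORS response headers.

```javascript
// Constructed policy: which sites may read credentialed API responses,
// and which sites have been filtered out after misuse.
const policy = {
  allowedOrigins: new Set(["https://3rdparty.org"]),
  blockedHosts: new Set(["abusive.example"]), // hypothetical host
};

// Host named by an Origin or Referer header; null if absent or malformed.
function hostOf(value) {
  if (!value || value === "null") return null;
  try { return new URL(value).host; } catch { return null; }
}

// Decide status and CORS headers for one API request.
// `req` is { method, headers } with lowercase header names.
function corsDecision(req, pol = policy) {
  const origin = req.headers["origin"];
  const callerHost = hostOf(origin) || hostOf(req.headers["referer"]);

  // Filtering: refuse any request that names a blocked site.
  if (callerHost && pol.blockedHosts.has(callerHost)) {
    return { status: 403, headers: {} };
  }
  // No Origin header: same-origin or non-browser client, no CORS needed.
  if (!origin) return { status: 200, headers: {} };

  if (!pol.allowedOrigins.has(origin)) {
    // The cookie is still attached by the browser, so refuse writes outright.
    if (!["GET", "HEAD", "OPTIONS"].includes(req.method)) {
      return { status: 403, headers: { "Vary": "Origin" } };
    }
    // Reads: omit the CORS headers so the browser withholds the response.
    return { status: 200, headers: { "Vary": "Origin" } };
  }
  // Permission: echo the exact origin; "*" is not valid with credentials.
  const headers = {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
  if (req.method === "OPTIONS") { // preflight
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
    return { status: 204, headers };
  }
  return { status: 200, headers };
}
```
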