SUL won't help with local wikis (non-wp), so 1) simply isn't true.
-- chris
wikitech-l-bounces(a)wikimedia.org schrieb am 22.12.2006 03:08:46:
On 12/21/06, Mark Clements
<gmane(a)kennel17.co.uk> wrote:
> Well, in that case it would be very dangerous if the import option
allowed
> importers to delete from the source wiki, and
single-user sign-on does
not
> help in this case. Either the user isn't
verified, in which case users
of
> the remote wiki can delete WP content willy nilly
(even if not
registered),
> or the importer has to enter their Wikipedia
username & password at
the
> target wiki, and thus give these details to the
administrator of that
wiki
(or a
malicious extension writer).
I don't understand the difficulty.
1) You log in on Wiki A. Your username and password are the same as
on Wiki B, since SUL is implemented, so no security breach occurs.
2) You say, through Wiki A's interface, that you would like to delete
an image from Wiki B. Wiki A passes your username and password to
Wiki B for authentication; since they're the same on both wikis, Wiki
B will accept them and check if you're a sysop on Wiki B.
3) If you are, the image is deleted, and Wiki B tells Wiki A to
acknowledge the deletion. Otherwise it tells Wiki A to return an
error.
There can't be any security breach if the two wikis share the same
database for usernames and passwords (i.e., SUL). If they don't, this
doesn't have to work, but if it did, you could directly (but
invisibly) connect to Wiki A and give it your cookie if you're already
logged in there.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/wikitech-l