[Systems] SL Central Login (was Re: [Systems-logs] [DNS] Sugar Labs DNS zone data branch, master, updated. 8f472af67a1177a9644675b1fd2c2af7dff2e77a)

Frederick Grose fgrose at sugarlabs.org
Wed Sep 28 00:02:49 EDT 2011


On Tue, Sep 27, 2011 at 11:11 PM, Aleksey Lim
<alsroot at activitycentral.org>wrote:

> On Tue, Sep 27, 2011 at 10:35:20PM -0400, Frederick Grose wrote:
> > On Tue, Sep 27, 2011 at 4:57 PM, Aleksey Lim <
> alsroot at activitycentral.org>wrote:
> >{...}
>


> > Since 13 July 2010, all new wiki accounts have been required to use
> OpenID.
> >  This has greatly reduced wiki abuse.
> >
> > Many wikis are abused by new account page attacks.  For some reason,
> those
> > abusers don't bother with the OpenID authentication.
>
> I don't remember, does mediawiki use email verification for creating new
> accounts?
>

MediaWiki offers this configuration option
https://secure.wikimedia.org/wikipedia/mediawiki/wiki/Manual:$wgEmailAuthentication
which enables emailing services, such as for watch lists and password
resets.
$wgEmailAuthentication = true;
for our wiki.

This configuration flag,
https://secure.wikimedia.org/wikipedia/mediawiki/wiki/Manual:$wgEmailConfirmToEdit
which requires people to supply an email address when registering,
is not set in our wiki.


> > Will the CAS implementation provide a similar deterrent without imposing
> a
> > usability barrier?
>
> At least it should look the same as it was before disabling creating new
> users on wiki, i.e., the option to follow cas/ldap way


which suffered from freely authenticating abusers.

(with having
> single login) and using opneid (w/o single login). And ideally for all
> SL services.
>

This seems to say that single login may compromise the protection OpenID
provides by deterring abusers.


>
> > Please discuss the effect of the proposed changes on these aspects of
> > community experience.
> >
> > Thanks,           --Fred
>
> --
> Aleksey
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/private/systems/attachments/20110928/877e51aa/attachment.html>


More information about the Systems mailing list