[Systems] SL Central Login (was Re: [Systems-logs] [DNS] Sugar Labs DNS zone data branch, master, updated. 8f472af67a1177a9644675b1fd2c2af7dff2e77a)

Aleksey Lim alsroot at activitycentral.org
Wed Sep 28 01:07:45 EDT 2011


On Wed, Sep 28, 2011 at 12:02:49AM -0400, Frederick Grose wrote:
> On Tue, Sep 27, 2011 at 11:11 PM, Aleksey Lim
> <alsroot at activitycentral.org>wrote:
> 
> > On Tue, Sep 27, 2011 at 10:35:20PM -0400, Frederick Grose wrote:
> > > On Tue, Sep 27, 2011 at 4:57 PM, Aleksey Lim <
> > alsroot at activitycentral.org>wrote:
> > >{...}
> >
> 
> 
> > > Since 13 July 2010, all new wiki accounts have been required to use
> > OpenID.
> > >  This has greatly reduced wiki abuse.
> > >
> > > Many wikis are abused by new account page attacks.  For some reason,
> > those
> > > abusers don't bother with the OpenID authentication.
> >
> > I don't remember, does mediawiki use email verification for creating new
> > accounts?
> >
> 
> MediaWiki offers this configuration option
> https://secure.wikimedia.org/wikipedia/mediawiki/wiki/Manual:$wgEmailAuthentication
> which enables emailing services, such as for watch lists and password
> resets.
> $wgEmailAuthentication = true;
> for our wiki.
> 
> This configuration flag,
> https://secure.wikimedia.org/wikipedia/mediawiki/wiki/Manual:$wgEmailConfirmToEdit
> which requires people to supply an email address when registering,
> is not set in our wiki.
> 
> 
> > > Will the CAS implementation provide a similar deterrent without imposing
> > a
> > > usability barrier?
> >
> > At least it should look the same as it was before disabling creating new
> > users on wiki, i.e., the option to follow cas/ldap way
> 
> 
> which suffered from freely authenticating abusers.
> 
> (with having
> > single login) and using opneid (w/o single login). And ideally for all
> > SL services.
> >
> 
> This seems to say that single login may compromise the protection OpenID
> provides by deterring abusers.

I meant the same from users pov. But technically, the register link will
point to enother web application (the irc logs poted above was talking about
reusing wiki for that, but it seems to be not possible for my first sight)
where we can implement anti-abusers features.

> >
> > > Please discuss the effect of the proposed changes on these aspects of
> > > community experience.
> > >
> > > Thanks,           --Fred
> >
> > --
> > Aleksey
> >

-- 
Aleksey


More information about the Systems mailing list