Bawolff added a comment. |
In T156240#2971262, @daniel wrote:@Bawolff well, right now, all the vandal has to do is go to the page and add [[nds:Bawolff sucks...GHHDCBTSfgjbftgdthn"]] to the page... Granted, the fix is a bit less obvious, but deleting a page is easy enough.
I agree its somewhat of a far fetched scenario (since its high effort for a relatively low amount of disruption). As I said in the parent task, im not sure how important this should be. Maybe we should just document it and deem it an acceptable risk. However the more I think about it the more I like the idea of mitigating by using a keyed hmac with a secret key (to prevent offline attacks)
TASK DETAIL
EMAIL PREFERENCES
To: Addshore, Bawolff
Cc: Bawolff, Lydia_Pintscher, Aklapper, daniel, gerritbot, Addshore, D3r1ck01, Andrew-WMDE, Izno, Wikidata-bugs, aude, Darkdadaah, Mbch331
Cc: Bawolff, Lydia_Pintscher, Aklapper, daniel, gerritbot, Addshore, D3r1ck01, Andrew-WMDE, Izno, Wikidata-bugs, aude, Darkdadaah, Mbch331
_______________________________________________ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs