On 24/07/2009, at 2:34 AM, Aryeh Gregor wrote: > On Thu, Jul 23, 2009 at 2:32 PM, Cody Jung<funkyca...@gmail.com> > wrote: >> Wouldn't adding a salt fix this? They would have to have both the >> username, the database, and the salt value to decrypt the wiki list. > > In other words, they would have to have access to your server, nothing > more. No, it wouldn't fix it. > > After some discussion in #wikimedia-toolserver, Duesentrieb pointed > out that a) this issue would be solved if MediaWiki just allowed RSS > feeds for watchlists, and b) it would probably take less work for me > to add that feature to MediaWiki than to develop an authentication > framework that would allow users to securely permit toolserver apps > access to their watchlists. MrZ-man helpfully pointed out that the > API already supports watchlist feeds, so I was able to hack on support > for token-based authentication pretty easily: > > http://www.mediawiki.org/wiki/Special:Code/MediaWiki/53703 > > Major limitations right now are 1) the default is an empty string, > which means "don't use", so it's opt-in; 2) the URL for the feed isn't > actually output anywhere. Watchlist aggregators should now be easy to > set up, plus people can just use their favorite feed reader.
Awesome, I've been meaning to implement this for ages. Some feedback: * I think you should create a new field class for preferences to allow the user to enter a token or press a button to have one generated. This would also allow you to add the link to the feed underneath. * I think you should add appropriate meta tags and sidebar links to the RSS feed. -- Andrew Garrett agarr...@wikimedia.org http://werdn.us/ _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l