On 1/4/11 12:21 PM Neil Kandalgaonkar wrote: > On 1/4/11 12:51 PM, Platonides wrote: >> I don't see how FS authentication is useful there. >> All authentication would be performed by mediawiki, with a master >> credential such as $wgDBpassword. MediaWiki shouldn't need to send the >> media server a user password! > > Nobody said we'd be sending user passwords over to a media server. Most > of the time, even regular MediaWiki servers don't need to see passwords. > They just need some means to authenticate the session cookie. > > But like I said we don't have very firm plans about how we would do > authentication.
This was just a counter-point to the statement "authentication is really a nice-to-have for Commons or Wikipedia right now". >> (NB sysops should be able to remove goatses from forum avatars...) > > Yeah. Avatars can be tricky. Also to be pedantically correct you want to > have some guard against impersonation (using same icon, and maybe adding > unicode space characters or other trivial changes to username). The last one _should_ already be handled by AntiSpoof. (Although there is, for instance, an open bug about ZWJ, any takers?) _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l