On Tue, Jan 04, 2005 at 08:27:04AM -0500, IvorW wrote:

[could you fix your linewrapping, thanks]

Just having a braindump on this hot topic.

1. We should look to improving the user login side of OG/CW. Currently,

you just go into the "preferences" page and set your ID to whatever you want.

If we have a password associated with the ID, this will hopefully prevent impersonation and other suchlike abuses. OK so the form may be sending the password in clear text

The way I see this working is that a login module can be plugged in, and if one has logged in somehow, an "authenticated" flag would be set in edits, such that we can be sure that that user really did submit the change. That user would then not be presented with the option of specifying a username.

This is also important for copyright control. It would be far too easy to claim infringement if submission is entirely anonymous, but this would of course be up to the individual admin. I wouldn't want to require login, but maybe the copyright could be assigned to the Guide if the change was made anonymously? (I am now defining Anonymous to included non-authenticated usernames).

This is something I've been meaning to look at for absolutely ages; initially I was thinking of integrating with basic auth, but I think a decent cookie-based session login will be more useful (suggestions for modules to use?)

See https://rt.cpan.org/NoAuth/Bug.html?id=9340.

2. Ideally we want OpenGuides to stay wiki, i.e. allow anonymous

contributors. But, there's no reason why it needs to be a WorldWideWiki, open to Chinese and Russian spammers. We could restrict the anonymous login from anywhere but the same country as the guide is located in, decoding the country from the IP address (I'm sure there's a module or three that does this). Of course we still want genuine contributors to add content from abroad - but they can always register and log in :).

I think this is going to be more hassle than use. I am less concerned about spam than impersonation. There's nothing to stop a spammer registering and logging in, so I see this as a different problem.