On Tue, Jan 04, 2005 at 08:27:04AM -0500, IvorW wrote:
[could you fix your linewrapping, thanks]
Just having a braindump on this hot topic.
1. We should look to improving the user login side of OG/CW. Currently,
you just go into the "preferences" page and set your ID to whatever you
If we have a password associated with the ID, this will hopefully
prevent impersonation and other suchlike abuses. OK so the form may be
sending the password in clear text
The way I see this working is that a login module can be plugged in, and
if one has logged in somehow, an "authenticated" flag would be set in
edits, such that we can be sure that that user really did submit the
change. That user would then not be presented with the option of
specifying a username.
This is also important for copyright control. It would be far too easy
to claim infringement if submission is entirely anonymous, but this
would of course be up to the individual admin. I wouldn't want to
require login, but maybe the copyright could be assigned to the Guide if
the change was made anonymously? (I am now defining Anonymous to
included non-authenticated usernames).
This is something I've been meaning to look at for absolutely ages;
initially I was thinking of integrating with basic auth, but I think a
decent cookie-based session login will be more useful (suggestions for
modules to use?)
2. Ideally we want OpenGuides to stay wiki, i.e. allow
contributors. But, there's no reason why it needs to be a
WorldWideWiki, open to Chinese and Russian spammers. We could restrict
the anonymous login from anywhere but the same country as the guide
is located in, decoding the country from the IP address (I'm sure
there's a module or three that does this). Of course we still want
genuine contributors to add content from abroad - but they can always
register and log in :).
I think this is going to be more hassle than use. I am less concerned
about spam than impersonation. There's nothing to stop a spammer
registering and logging in, so I see this as a different problem.
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)