Last modified: 2010-06-20 17:04:00 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T13066, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 11066 - Editing Security Reccomendation
Editing Security Reccomendation
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Page editing (Other open bugs)
unspecified
All All
: Low enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-26 00:17 UTC by Tyler Romeo
Modified: 2010-06-20 17:04 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Tyler Romeo 2007-08-26 00:17:26 UTC
This idea of mine is still in development, so please try and expand on it instead of simply approving or disapproving the idea. Thank you.

I am well aware of Wikipedia's anonymous editing security issue, and I think I may have a solution to possible increase security is certain articles. If an article seems to have a pattern of vandalism or other edits that are against policy, but the article does not need be locked (like if editing is not severe), then the article can be, as I put it, restricted. When an anonymous editor edits the article, instead of being directly applied to the article, the edit is submitted to a page (sort of like the discussion page, where the page can be accessed via the tabs at the top of the article) where it can be reviewed. In other words, if a shady user trys to edit an article, the edit is sent to be approved by a trustworthy member.

The loophole with this plan is that if the anonymous editor simply registers and approves the edit (or the editor just registers and makes the edit), then the edit will be approved. However, I have edited the system to work with the bug. Instead of the edit being approved by any user, it has to be approved by a user that has been voted into a posistion (such as Trustworthy User For "WhateverArticleItIs") by other users, making the system much harder to break. With this fix, the only way to bypass it is to get a whole team of vandalizers to vote a leader as a trusted user and then submit an edit (which is difficult seeing that by the time the edit is approved, somebody would have noticed their plan).

Here is how it breaks down: If an article, for any reason, must be restricted, this system is put into place. First, a user asks to become a Trusted User for the article. If enough registered users vote for him, he gets the posistion. When anybody (except for Trusted Users, they can edit at will) tries to make an edit to an article, the edit must be approved by the Trusted User, or the article does not accept the edit. The final exception is that any user can report if a Trusted User is abusing its powers. As I said, please read the edit through and try to make something of it, because I think it might help a lot. Keep in mind, only certain articles will be using the system, meaning other articles can still keep the normal editing system.
Comment 1 Roan Kattouw 2007-08-26 11:02:17 UTC
I don't think this whole procedure is really necessary. If an article is vandalized only occasionally, others will notice and revert it. If it's vandalized a lot, it'll be protected or semi-protected.
Comment 2 Tyler Romeo 2007-08-26 22:57:05 UTC
Yes, but there is no use protecting an article if the vandalizer has already been a registered user for a long time, which some vandalizers are. In addition, I know many articles that have frequent vandalism which still have not been locked, even after requests have been made to many people.
Comment 3 Brion Vibber 2007-08-27 18:10:22 UTC
Per-page permissions isn't something we're planning to add at the moment.
Comment 4 Chad H. 2007-08-27 18:11:57 UTC
Wouldn't this be essentially the same as FlaggedRevs, etc?
Comment 5 Max Semenik 2010-06-20 17:04:00 UTC
Closing as a duplicate of FlaggedRevs.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links