Last modified: 2011-03-13 18:06:08 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 3102 - Spam protection: option for non-text usernames in history
Spam protection: option for non-text usernames in history
Product: MediaWiki
Classification: Unclassified
History/Diffs (Other open bugs)
All All
: Lowest enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
Depends on:
  Show dependency treegraph
Reported: 2005-08-10 17:03 UTC by George Chriss
Modified: 2011-03-13 18:06 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description George Chriss 2005-08-10 17:03:07 UTC
Usernames are displayed as plaintext in the page history.  While not normally a
problem, some projects require pre-existing authentication accounts that are
directly tied to an email address.  (e.g. username GSC127 is tied to  Penn State has 100,000+ existing access accounts)

I propose an option to display usernames as small pictures, to hinder attempts
to harvest mass emails for spam. already has this type of
protection scheme.
Comment 1 Rowan Collins [IMSoP] 2005-08-10 18:46:54 UTC
The big problem with this is that the username still has to appear as text at
some level anyway, in order to link to the User: page, contributions, etc (you
can have a picture as the link, but you've still got to have the link target as
text in the source).

The better solution would therefore seem to be for the organisers of a project
not to use usernames linked to e-mail addresses in this way. For instance, a
sign-up system could be created that verifies existing credentials during
account creation, while allowing the user to choose their own username for the
new system - I think some of the uses of AuthPlugin.php do something along these

As for your PSU example, however, I feel the ability to spider history entries
on a wiki is somewhat outwheighed by the ability to access a nicely uniform list
of every single user account, including their account name/e-mail address:

Marking this as "WONTFIX", because it doesn't seem feasible to me.

Note You need to log in before you can comment on or make changes to this bug.