[pydotorg-www] Changing default wiki permissions
M.-A. Lemburg
mal at egenix.com
Fri Jan 25 12:19:23 CET 2013
On 24.01.2013 23:24, Paul Boddie wrote:
> Aahz wrote:
>> On Thu, Jan 24, 2013, M.-A. Lemburg wrote:
>>> We're currently working on setting up the new VM with the Python and
>>> Jython wikis.
>>>
>>> In order to increase security and also to help a bit with avoiding
>>> spam/vandalism, we'd like to disable editing of wiki pages without
>>> login.
>>>
>>> Any objections ?
>>
>> That was in fact the setup previously, and I strongly support reverting
>> to it. As Barry notes, there are some pages that will need a higher
>> level of protection, but as long as we've got off-VM backups, we can
>> handle any mishaps.
>
> Indeed. I don't buy into the myth that people perpetuate about Wikis having to
> allow anonymous access or otherwise be instruments of The Man, or whatever.
> The Internet is full of people who will happily pollute any editable site
> with their idiotic spams and scams, and some fairly basic measures will deter
> the bulk of these people.
Given the positive echo, we'll go ahead with requiring logins for
edits per default.
> I recommend...
>
> Requiring some kind of login. This actually makes it easier for the editors to
> see at a glance who has edited a page (Aahz rather than, say,
> 123-client.456-server.verizon.com) and make a quick judgement about whether
> the edit needs investigating. We can support OpenID - you can even use your
> Python Package Index identity! - and so don't even need to make people set
> and remember distinct passwords.
>
> Maintaining the textcha protection for random newcomers. I appreciate that
> textcha questions can be a pain - on one Wiki I use, the questions required a
> fair amount of research on my part because I am a mere developer and not part
> of the target audience - but we can migrate people quickly to a group/list
> that doesn't get bothered with questions. Textcha can be very effective: on
> some sites I've seen where they turned the feature on, spam was more or less
> eliminated.
We are using text based capchas for the Python and Jython wiki -
for both unregistered and registered users. There's a group
of trusted editors which doesn't have to bother with the captchas.
Additionally, we have a blocked user group to disable known spam
accounts.
> Having some kind of mechanism for managing new user registration. I wouldn't
> want to impose the approval of new users because it stops the quick-but-good
> edits of people who are new to the Wiki but want to fix something, but it is
> the case that there may be a lot of "registration spam", meaning that the
> Wiki fills up with users who will never succeed in making an edit because
> they can't answer the textcha questions. Maybe there are already tools that
> deal with this. If not, I may be encouraged to write something.
We currently have 11000 users registered for the Python wiki. I do
believe that many of those are no longer in use. Since we're resetting
the password of the users now, we should get a good feel for the
actual number of active users after a few months: the inactive ones
will show up as not having registered a new password.
> Beyond this, we could introduce edit approval for random newcomers - I wrote
> something that puts edits in approval queues - but this is really something
> for a site where you want the barrier to editing to be very low but the
> barrier to publishing to be much higher. For the Python Wikis, the barrier to
> editing should be low but not *very* low, and the barrier to publishing
> should not be significantly higher.
If spam from registered users becomes more of a problem, we could
increase the number of captcha phrases.
> Finally, I would like to thank Marc-André for his forensic and recovery work
> as well as Thomas and Reimar for their work in attempting to restore the
> content. Once again, the PSF should be thanked for making resources available
> for the improvement of MoinMoin in various respects. Ensuring the vitality of
> widely-used Python projects like MoinMoin is an essential part of ensuring
> the vitality of Python itself.
Thanks,
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Jan 25 2013)
>>> Python Projects, Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
More information about the pydotorg-www
mailing list