Wiki Moderation With Passwords

WikiModerationWithoutPasswords is impossible. We just have to accept the burden of logging in even though LoginsAreEvil.

I don't think there's any need to rely on IP addresses to identify an individual. Instead, the cookie mechanism works just fine, as follows:

In such a scheme, users can have as many cookies as they have systems. A system administrator who determines that a particular user should have a particular capability blocked (such as edit or delete) can do so by a change to the UserProfile?. A user can quickly see, via the UserProfile?, what their current status is.

Most users, presumably, would receive these cookies much like they do with the current UserName cookie, and then proceed to use the site as usual.

Finally, my security experts tell me that for maximum security, these cookies should last only for the duration of the session within which they are created. This makes it easier to, for example, handle situations where multiple people share the same computer. It also makes it harder to forge cookies.

In any case, the IP address is a terrible, unreliable mechanism for establishing or validating user identity. A cookie mechanism is far preferable.

Lots of good ideas here. I'll add my own thoughts. There are some overlaps with other ideas here, but a couple of subtle differences. Nothing Earth-shattering here, but there you go. I've been a regular visitor but only very occasional contributor to Wiki over the last few years, but this is my last contribution to Wiki, as I am increasingly frustrated with the way it's going.

(note - this idea does fly in the face of the principle of not having to log in, but I believe Wiki has to evolve to survive and the nature of the posters on here has changed such that we can't trust everyone to contribute meaningful / valuable content - so moderation is needed).

Ok... Any user can read Wiki, but to contribute, they must register.

I'm sure there are flaws in this approach. I'm sure that many people will think that it is too far removed from the fundamental nature of Wiki, but I believe that those people who are genuinely interested in making and receiving valuable contributions would not be fazed by it.

-- Matt Stephenson

It is very easy to set up a web based email account and false identity...

True, but as each one is blocked by the administrator, the culprit has to register another. It would discourage the casual vandal.

I am mostly interested in combating WikiSpam. I thought this was a fairly simple solution: moderate anonymous submissions only. If someone creates an account, maybe with an e-mail address, they can post freely. It's the drive by spammer that makes it really annoying to be a part time wiki admin. I don't want to shut out anonymous contributors, so, moderation of anonymous posting seems like a good idea. Has anyone seen a wiki implementation that does this? -- MattOlson


View edit of May 16, 2006 or FindPage with title or text search