WikiModerationWithoutPasswords is impossible. We just have to accept the burden of logging in even though LoginsAreEvil.
I don't think there's any need to rely on IP addresses to identify an individual. Instead, the cookie mechanism works just fine, as follows:
- Create a registration page, similar to the current UserName page, in which an individual creates a unique username and password. This creates a private UserProfile?, referenced in some way from the UserName. (Of course, LoginsAreEvil)
- Establish sign in screen that challenges a user without a cookie for login information and issues a cookie in response to correct information.
- Associate specific capabilities with the UserProfile?, referenced via the cookie.
- Adjust the lifetime of cookies as experience indicates.
In such a scheme, users can have as many cookies as they have systems. A system administrator who determines that a particular user should have a particular capability blocked (such as edit or delete) can do so by a change to the UserProfile?
. A user can quickly see, via the UserProfile?
, what their current status is.
Most users, presumably, would receive these cookies much like they do with the current UserName cookie, and then proceed to use the site as usual.
Finally, my security experts tell me that for maximum security, these cookies should last only for the duration of the session within which they are created. This makes it easier to, for example, handle situations where multiple people share the same computer. It also makes it harder to forge cookies.
In any case, the IP address is a terrible, unreliable mechanism for establishing or validating user identity. A cookie mechanism is far preferable.
Lots of good ideas here. I'll add my own thoughts. There are some overlaps with other ideas here, but a couple of subtle differences. Nothing Earth-shattering here, but there you go. I've been a regular visitor but only very occasional contributor to Wiki over the last few years, but this is my last contribution to Wiki, as I am increasingly frustrated with the way it's going.
(note - this idea does fly in the face of the principle of not having to log in, but I believe Wiki has to evolve to survive and the nature of the posters on here has changed such that we can't trust everyone to contribute meaningful / valuable content - so moderation is needed).
Ok... Any user can read Wiki, but to contribute, they must register.
- The information they have to give is "valid email address", "username" and "password".
- When they submit their registration, server-side code checks these details against a table of "excluded people". If it isn't on there, generate some kind of token, and add them to the user table in a row that has a boolean column of "isAuthorised" set to "false".
- Auto-respond to the user via email with the generated token (thus validating their email address) requiring them to visit a URL to rekey their username, password and also the new token. This updates their table entry with "isAuthorised" set to "true".
- When a user wants to contribute to Wiki, they go to the log in page, enter their username and password, which checks the "excluded people" table and the "isAuthorised" field on the "user table" and delivers a cookie that is only valid for the duration of their session.
- When we get undesirable contributors who are repeatedly disruptive to the general well-being, some designated "official" (Ward or some trusted friend of Ward who is given additional authority to act on Wiki) can remove that person's entry on the "user table" and move it to the "excluded people" table (either permanently or for a specified time, depending on the severity of the misdemeanour).
- People have the option when editing a page of whether their username is displayed in RecentChanges or not (perhaps through some user preferences?), allowing people to still post anonymously if the wish. However, their identity would be discoverable by some authorised person if their anonymous contributions were inappropriate or not in the spirit of Wiki. So the quality of even the anonymous postings would be higher.
I'm sure there are flaws in this approach. I'm sure that many people will think that it is too far removed from the fundamental nature of Wiki, but I believe that those people who are genuinely interested in making and receiving valuable contributions would not be fazed by it.
-- Matt Stephenson
It is very easy to set up a web based email account and false identity...
True, but as each one is blocked by the administrator, the culprit has to register another. It would discourage the casual vandal.
I am mostly interested in combating WikiSpam. I thought this was a fairly simple solution: moderate anonymous submissions only. If someone creates an account, maybe with an e-mail address, they can post freely. It's the drive by spammer that makes it really annoying to be a part time wiki admin. I don't want to shut out anonymous contributors, so, moderation of anonymous posting seems like a good idea. Has anyone seen a wiki implementation that does this? -- MattOlson