Board Thread:General Discussion/@comment--20150814190019/@comment-26402117-20150817142850

Sixorish wrote: TK-999 wrote: Sixorish wrote: I'd also like to rant about this statement as well.

"The specific feedback is that it is unnecessary to transclude the login form on every page. Great news! We agree with that. For a long time, Wikia has been working on our backend for a new log-in and user registration system called Helios. It's built outside of the traditional MediaWiki architecture, which allows us to avoid a lot of the traps MediaWiki architecture has put us in."

How exactly is this statement relevant ...?

Not including the login on every page is a security problem, so you bring up your work on an upcoming login feature that avoids MediaWiki's traps ...? Wikipedia's skin, and all previous versions of it, never had the problem you describe. It's a front-end problem of your skin and it's yours and yours alone. Don't blame someone else for your own problems. I use Monobook and I have to navigate to Special:UserLogin to log in. I don't have the problem described. Wikipedia's current skin does not have the problem described. THIS PROBLEM IS CREATED BY YOU AND NOBODY ELSE. What you mean to say is that you are working on a whole new system to combat the problems of your old system because it's just too simple to change the heavy interactive login field to a link to log in. This isn't just about the login form. It's a security nightmare to allow anyone to just create a wiki, put malicious JS in Common.js and lure a target user there.

They specifically addressed the feedback that the login form should not be on every page. So, the answer is: it is not relevant at all. Wikia designed their skin, including the fancy login-on-every-page aspect of it, so they should accept the blame instead of deferring the blame to MediaWiki's developers. If there's a "MediaWiki trap" for the problem being discussed then it's allowing Wikia to design their own security-flawed skin.

We've visited the topic of Wikia's domain-based design decisions in general MANY MANY times. When you go to Wikia, expect ads, login on all pages and other things that the staff have conclusively and internally developed a consensus for. Your complaint will probably not be accepted under the reason that all contribution-based online communities are currently growing with low-editcount users and are losing the 1% of top-quality editors at haemorrhaging speed. The uptake of new editors WILL slow if the option is removed. I see no point in removing it if it can be patched with Helios and I want to see more editors around Wikia so I agree with the staff. The staff decide to try and do what's best for Wikia and implement that in a secure way. We should trust them to take care of the domain and security while we edit. You can try to convince them to use a login page but its probably not going to change, even though existing users would be happy for a secure TLS/SSL login page.

Good luck with that suggestion however.