Board Thread:General Discussion/@comment--20150814190019/@comment-281395-20150816123823

TK-999 wrote: Sixorish wrote: I'd also like to rant about this statement as well.

"The specific feedback is that it is unnecessary to transclude the login form on every page. Great news! We agree with that. For a long time, Wikia has been working on our backend for a new log-in and user registration system called Helios. It's built outside of the traditional MediaWiki architecture, which allows us to avoid a lot of the traps MediaWiki architecture has put us in."

How exactly is this statement relevant ...?

Not including the login on every page is a security problem, so you bring up your work on an upcoming login feature that avoids MediaWiki's traps ...? Wikipedia's skin, and all previous versions of it, never had the problem you describe. It's a front-end problem of your skin and it's yours and yours alone. Don't blame someone else for your own problems. I use Monobook and I have to navigate to Special:UserLogin to log in. I don't have the problem described. Wikipedia's current skin does not have the problem described. THIS PROBLEM IS CREATED BY YOU AND NOBODY ELSE. What you mean to say is that you are working on a whole new system to combat the problems of your old system because it's just too simple to change the heavy interactive login field to a link to log in. This isn't just about the login form. It's a security nightmare to allow anyone to just create a wiki, put malicious JS in Common.js and lure a target user there.

They specifically addressed the feedback that the login form should not be on every page. So, the answer is: it is not relevant at all. Wikia designed their skin, including the fancy login-on-every-page aspect of it, so they should accept the blame instead of deferring the blame to MediaWiki's developers. If there's a "MediaWiki trap" for the problem being discussed then it's allowing Wikia to design their own security-flawed skin.