Touhou Patch Center:Security

From Touhou Patch Center
Jump to: navigation, search
Project overview
About Tutorial FAQ Patch servers Download Patch overview Bug tracker Artwork Wiki security

This page only describes the security measures on the wiki side.

If this can be be edited by anyone, what are the safety procedures in place in order to fight spammers?

The blocking of anonymous editing and the captcha-protected account registration (powered by the ConfirmEdit extension) are our main means of security on the wiki side. This completely wards off all of the usual MediaWiki spam bots.

Since there have been no cases of abuse so far, we don't have any more sophisticated safety procedures against human spammers yet. For anything that comes to mind, we would need to give special rights to certain users. This would invariably involve group politics and unforeseen commitment on part of the contributors for a certain language.

As we're still busy with getting everything ready, this seems very much like feature overload at this point.

This means that, as of now, you should not expect us to "protect" your translations from anything that doesn't look like clear vandalism. The most active users don't speak every language present on this site, and couldn't distinguish between good and bad faith edits if the vandals are particularly clever.

However, we do have a few things in mind in case we're hit by extended attacks of vandalism one day:

  • Extension:FlaggedRevs seems like the cleanest solution. Pages are still freely editable (and translatable), but moderators for each language will have to review and approve each revision for use in the patches.
  • If that won't work with the translation functionality for some reason, we're going to switch to a "stable release" model. The converted patch data will then be hosted as a static archive, which is updated on a regular basis.
    This may sound like a step back the old static English patches at first - but keep in mind that both the local patcher (the program visible to the end user) and all the data conversion code continues to be used. Even patch stacking will still work. In the end, we'd only be losing one way of automation, which also happens to be the least important one in the process.

A note to the vandals

Love and tolerance is our motto. Thus, we want to try loving and tolerating you too. But in order to achieve that, you need to co-operate as well.

With the admin enjoying the fine art of trolling the Touhou fanbase himself, we know how powerful the appeal of lulz can be. But is has no place in the "normal" language translations.

If you feel that a translation of Touhou into gangsta slang, leetspeak, your local dialect etc. will bring such mayor lulz, then go ahead! Before you start, please request the admin to create an appropriate language code for you.

What about these binary hacks and breakpoints? Don't these, in theory, allow anyone to crash everyone's games and even to spread malware?

Adding, removing or modifying the content of these templates is restricted to administrators and trusted users with special permission. These rights are checked for any page on each save request.

The full list of templates restricted in this way is as follows:

  • {{thcrap_tl_patches}}
  • {{thcrap_binhack}}
  • {{thcrap_breakpoint}}
  • {{thcrap_version_info}}
  • {{thcrap_ver_info}}

Note that this level of protection is separate from the usual MediaWiki per-page protection. If a page with one of these templates does not have the classic MediaWiki protection, it is still possible for anyone to edit text around these templates.