|Resolved||Urbanecm||T258356 Allow users at all private/fishbowl wikis to use botpasswords|
|Resolved||Bawolff||T159519 Investigate security concerns on enabling OAuth or BotPasswords for stewardwiki|
I believe the only reason BotPasswords aren't enabled on private wikis is that each non-SUL wiki needs the bot_passwords database table created before it can be enabled.
OAuth is probably a similar situation. There it would need the relevant database tables created and also CommonSettings.php would need updating since it currently assumes every wiki with OAuth enabled is SUL (except for labswiki and labstestwiki, which are hardcoded as exceptions).
Thanks @Anomie for your reply. I was told that indeed either the OAuth or BotPasswords table needs to be created on those wikis for the feature to work. Given that stewardwiki requires a high level of security, I'd go with OAuth, but I'd like to hear from the Security-Team first (ping @Bawolff and @dpatrick) for any blockers they might think about this. Regards.
Hi, I'm going to mark this resolved, as the security concern question was answered. If you want to have bot_passwords or oAuth enabled on any particular wiki its not currently available on, please file whatever-the-modern-name for a shell-request bug is, with community consensus if applicable.