Author: paxcoder
Description:
[Difficul to subscribe]
"My preferences -> Watchlist" can be used to set or acquire a hash which is said there to be used to subscribe to the "My watchlist" feed. However, this is still a manual process described in a separate page (http://en.wikipedia.org/wiki/Wikipedia:Syndication#Watchlist_feed_with_token) not linked to. It should be automatic - the moment one generates a hash, it should appear as a feed link on "My watchlist" page instead of it offering to subscribe to global "Recent changes" as it does now. The temporary fix might be providing the above link on the "My preferences -> Watchlist" page.
[Security suggestion]
Security feature: You could improve the feed security by regenerating a hash each time one requests the feed. Judging by "My preferences -> Watchlist", generating a new, random, non-repetitive hash is not a problem. The support in feed readers could be achieved by a redirection using an HTTP 301 status code ("Moved permanently"), with the new link including the regenerated(new) hash. This would, in turn, result in a feed reader updating the URL.
In short: Client requests a feed using a link with the hash. If the hash is valid, it gets regenerated, and the client gets redirected to a page with a URL containing the new hash. Next time, the client requests the feed with a new hash, and the process is repeated.
Thanks.
Version: unspecified
Severity: normal