I expect they would be different databases. But would not an exploit be able to escalate privileges so that all databases could be affected?
B.
On Nov 2, 2014, at 7:43 PM, Tom tom@hutch4.us wrote:
Just to be clear. Your MW and Drupal share the same DB with a different prefix?
Tom
On Nov 2, 2014, at 6:31 PM, Alex Monk krenair@gmail.com wrote:
Just be careful about the 'MediaWiki:' restricted namespace pages. Those can have things like JavaScript which MediaWiki often deliberately does not escape.
On 2 November 2014 23:20, Bartosz Dziewoński matma.rex@gmail.com wrote:
On Sun, 02 Nov 2014 23:53:28 +0100, Boris Steipe boris.steipe@utoronto.ca wrote:
If I understand the Drupal advisory correctly, backdoors could have been
installed in the database. I don't know nearly enough about this, but I suspect this could mean that a backdoor could reappear on the new machine if I were to dump my current Wiki tables from the old machine and reinstall them on the new machine. Is this correct? And if so, what would the best strategy be for recovery? I hope this can be done more efficiently than copy/pasting Wikitext.
If you want to be extra paranoid, and you only care about the contents of pages (and possibly their earlier versions) and none of all the boring extra data, then you can export and import the contents of wiki pages. This should always be safe, as MediaWiki assumes that all page text is hostile user input and always parses and escapes everything that needs it.
https://www.mediawiki.org/wiki/Manual:Importing_XML_dumps
-- Bartosz Dziewoński
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l