I think they mean where an account has been made and given rights before
the user account is logged into, thus making it not a bug.
On 03/08/10 01:22, Q wrote:
On 8/2/2010 7:18 PM, jidanni(a)jidanni.org wrote:
Say, I noticed on Wikia one can make a user an administrator, even if he
has never logged in yet.
This exposes a security risk. A bureaucrat pre-makes some accounts for
future administrators, but before they establish accounts, somebody else
establishes an account with that name, and becomes an instant
administrator.
I'm wondering if this is a MediaWiki-wide bug, or just Wikia's.
Wikia bug if they're doing something stupid like populating the user
groups table without a corresponding user. MediaWiki won't let you
assign groups to users that don't exist.
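An audit for the two situations raised in this thread, added here as an example and not code from MediaWiki, Wikia or any of the posters: group rows that point at no user record, and existing accounts that hold administrator rights but have never been used. The table and column names follow MediaWiki's `user` and `user_groups` tables; the sample rows are constructed, and treating a zero edit count as "never used" is an assumption of this example.

```python
import sqlite3

# Reduced stand-in for MediaWiki's user and user_groups tables.
SCHEMA = """
CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT UNIQUE,
                   user_editcount INTEGER);
CREATE TABLE user_groups (ug_user INTEGER, ug_group TEXT,
                          PRIMARY KEY (ug_user, ug_group));
"""
# Constructed sample data: ug_user 7 has no matching row in user.
SAMPLE_USERS = [(1, "Bureaucrat1", 950), (2, "FutureAdmin", 0), (3, "Regular", 12)]
SAMPLE_GROUPS = [(1, "bureaucrat"), (1, "sysop"), (2, "sysop"), (7, "sysop")]
PRIVILEGED = ("sysop", "bureaucrat")

def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO user VALUES (?, ?, ?)", SAMPLE_USERS)
    db.executemany("INSERT INTO user_groups VALUES (?, ?)", SAMPLE_GROUPS)
    return db

def orphaned_group_rows(db):
    """Group memberships whose ug_user matches no row in user."""
    return db.execute(
        "SELECT ug.ug_user, ug.ug_group FROM user_groups ug "
        "LEFT JOIN user u ON u.user_id = ug.ug_user "
        "WHERE u.user_id IS NULL ORDER BY ug.ug_user, ug.ug_group").fetchall()

def unused_privileged_accounts(db):
    """Existing accounts in a privileged group that have made no edits."""
    marks = ",".join("?" * len(PRIVILEGED))
    return db.execute(
        "SELECT u.user_name, ug.ug_group FROM user u "
        "JOIN user_groups ug ON ug.ug_user = u.user_id "
        f"WHERE ug.ug_group IN ({marks}) AND u.user_editcount = 0 "
        "ORDER BY u.user_name, ug.ug_group", PRIVILEGED).fetchall()

if __name__ == "__main__":
    db = build_sample_db()
    print("orphaned group rows:", orphaned_group_rows(db))
    print("privileged, never edited:", unused_privileged_accounts(db))
```

An orphaned row is the condition described in the quoted reply; an unused privileged account is the pre-made account described in the top reply, and it is worth reviewing who controls its credentials.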