hi all, I want to know that how we can encrypt the paasword into mediawiki. we are providing paasword for each user. so if we use any encryption technique like md5 and use salt then how to retrieve from the database by reversing these.As i heard about hashing technique also. which will solve the security issue. please suggest if any other technique will solve better.
Thank you in advance.
I think i frame my question little bit confusing, let me modifie a bit I need to know that In what form is the password stored in MediaWiki, OR, What encryption do we need to use to store a password manually in MW user table?".
---------- Forwarded message ---------- From: sharmishtha gupta sharmishtha.gupta@gmail.com Date: Mon, 14 Jan 2008 11:30:51 +0530 Subject: encryption of paasword To: mediawiki-l@lists.wikimedia.org
hi all, I want to know that how we can encrypt the paasword into mediawiki. we are providing paasword for each user. so if we use any encryption technique like md5 and use salt then how to retrieve from the database by reversing these.As i heard about hashing technique also. which will solve the security issue. please suggest if any other technique will solve better.
Thank you in advance.
sharmishtha gupta wrote :
I think i frame my question little bit confusing, let me modifie a bit I need to know that In what form is the password stored in MediaWiki, OR, What encryption do we need to use to store a password manually in MW user table?".
see : http://lists.wikimedia.org/mailman/htdig/mediawiki-l/2007-August/022784.html and the file includes/GlobalFunctions.php (function wfEncryptPassword( $userid, $password ) )
Hi,
We want to disable Signup for new users in mediawiki and want to add them into database manually. for this we want to understand the sequence of function used to store a new user into mediawiki database. we looked this:- includes/GlobalFunctions.php
function wfEncryptPassword( $userid, $password ) { global $wgPasswordSalt; $p = md5( $password);
if($wgPasswordSalt) return md5( "{$userid}-{$p}" ); else return $p; }
But need to know that where $wgPasswordSalt set its value and finally where this function called to get encryted password.
Can you suggest sequence of storing a new user in mediawiki as this will be of great help.
Thank you
On 1/14/08, Alexis Moinet alexis.moinet@fpms.ac.be wrote:
sharmishtha gupta wrote :
I think i frame my question little bit confusing, let me modifie a bit I need to know that In what form is the password stored in MediaWiki, OR, What encryption do we need to use to store a password manually in MW user table?".
see : http://lists.wikimedia.org/mailman/htdig/mediawiki-l/2007-August/022784.html... the file includes/GlobalFunctions.php (function wfEncryptPassword( $userid, $password ) )
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
The simplest way to do this would be :
1. edit LocalSettings.php and add $wgGroupPermissions['*']['createaccount'] = false; (see http://www.mediawiki.org/wiki/Help:User_rights) 2. login as an admin (sysop) of the wiki and then go to http://yourwiki/index.php?title=Special:Userlogin&type=signup (or go to http://yourwiki/index.php/Special:Userlogin and click on the "Don't have a login? Create an account" link) 3. fill the form to create a new user
This is the safest/simplest way to create new users while disabling new account creation
However it's not practical if you have a bunch of users to create, you might want to check and modify the php script in maintenance/createAndPromote.php (see http://www.mediawiki.org/wiki/Manual:Maintenance_scripts)
In that file you'll find the sequence of php instructions needed to create a new user (it will also give him admin rights, you'll need to remove that part of the code)
Or maybe there already is a php script for what you're asking on http://www.mediawiki.org ...
Alexis
sharmishtha gupta wrote :
Hi,
We want to disable Signup for new users in mediawiki and want to add them into database manually. for this we want to understand the sequence of function used to store a new user into mediawiki database. we looked this:- includes/GlobalFunctions.php
function wfEncryptPassword( $userid, $password ) { global $wgPasswordSalt; $p = md5( $password);
if($wgPasswordSalt) return md5( "{$userid}-{$p}" ); else return $p;
}
But need to know that where $wgPasswordSalt set its value and finally where this function called to get encryted password.
Can you suggest sequence of storing a new user in mediawiki as this will be of great help.
Thank you
On 1/14/08, Alexis Moinet alexis.moinet-LfqbaU+xhLyZIoH1IeqzKA@public.gmane.org wrote:
sharmishtha gupta wrote :
I think i frame my question little bit confusing, let me modifie a bit I need to know that In what form is the password stored in MediaWiki, OR, What encryption do we need to use to store a password manually in MW user table?".
see : http://lists.wikimedia.org/mailman/htdig/mediawiki-l/2007-August/022784.html... the file includes/GlobalFunctions.php (function wfEncryptPassword( $userid, $password ) )
MediaWiki-l mailing list MediaWiki-l-RusutVdil2icGmH+5r0DM0B+6BGkLq7r@public.gmane.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Im 99% sure it is just md5. You cant undo md5 though, just not how it would works.
But you would just say is md5('mypassword') = to the password stored in the database.
Hope that helps. -Adam
On Jan 14, 2008, at 1:00 AM, sharmishtha gupta wrote:
hi all, I want to know that how we can encrypt the paasword into mediawiki. we are providing paasword for each user. so if we use any encryption technique like md5 and use salt then how to retrieve from the database by reversing these.As i heard about hashing technique also. which will solve the security issue. please suggest if any other technique will solve better.
Thank you in advance.
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Im 99% sure it is just md5. You cant undo md5 though, just not how it would works.
But you would just say is md5('mypassword') = to the password stored in the database.
I'm almost positive that MediaWiki uses a non-standard md5 hash in the database.
Why not just use the already available functions to add users? Notice that all auto-authentication plugins do this. Take a look at LdapAuthentication, SSLAuthentication, ShibbolethAuthentication, or any other well maintained auto-authentication plugins you can find to see how to reliably do this.
V/r,
Ryan Lane
mediawiki-l@lists.wikimedia.org