On 1/30/06, Brion Vibber <brion(a)pobox.com> wrote:
Tomasz Wegrzanowski wrote:
So, while dictionary-checking sysops' passwords make a lot of sense,
there's very little point in limiting passwords of the non-privileged accounts.
At the moment we don't have a separate switch for sysops, nor any control which
would prevent blank-password accounts from being made into sysops. I'd rather
risk disabling a few accounts temporarily than keep the incredibly dangerous
sysop accounts open (which could be used potentially to great destructive effect).
Take your list of users with blank passwords. Import into database.
Join with the groups table to turn it into sysops.. use that as a
subselect in an update query to blank the password hash field on those
I'd just write the statement off the top of my head, but I'm not used
to dealing with those fields. :)
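
The update described in the last message, as an added example that is not part of the original thread: it runs against a throwaway in-memory SQLite database with constructed rows. The table and column names (`user`, `user_groups`, `ug_user`, `ug_group`, `user_password`) are assumed to follow MediaWiki's schema, which the thread does not spell out, and `blank_pw_users` is a hypothetical name for the imported list, assumed here to be keyed by user id.

```python
import sqlite3

# Assumed, reduced schema: only the columns the update needs.
SCHEMA = """
CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT, user_password TEXT);
CREATE TABLE user_groups (ug_user INTEGER, ug_group TEXT);
CREATE TABLE blank_pw_users (user_id INTEGER PRIMARY KEY);  -- hypothetical import table
"""

# Constructed sample data: Bob is a sysop on the imported list, Alice is a
# sysop who is not on it, Carol and Dave are on the list but are not sysops.
SAMPLE = """
INSERT INTO user VALUES (1,'Alice','hashA'),(2,'Bob','hashB'),
                        (3,'Carol','hashC'),(4,'Dave','hashD');
INSERT INTO user_groups VALUES (1,'sysop'),(2,'sysop'),(2,'bureaucrat'),(3,'bot');
INSERT INTO blank_pw_users VALUES (2),(3),(4);
"""

def blank_sysop_hashes(conn):
    """Blank the hash field for listed accounts that are sysops.

    The subselect joins the imported list with the groups table, so
    non-sysop accounts on the list are left alone. Returns rows changed.
    """
    cur = conn.execute(
        """
        UPDATE user
           SET user_password = ''
         WHERE user_id IN (
               SELECT b.user_id
                 FROM blank_pw_users AS b
                 JOIN user_groups AS g ON g.ug_user = b.user_id
                WHERE g.ug_group = 'sysop')
        """
    )
    conn.commit()
    return cur.rowcount

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    changed = blank_sysop_hashes(conn)
    hashes = dict(conn.execute("SELECT user_name, user_password FROM user"))
    return changed, hashes

if __name__ == "__main__":
    print(demo())
```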