On Wed, Mar 27, 2013 at 9:31 AM, Daniel Friesen daniel@nadir-seen-fire.com wrote:
On Wed, 27 Mar 2013 00:19:53 -0700, Brian Wolff bawolff@gmail.com wrote:
Please don't. I've been trying to slowly move us away from depending on wgSecretKey's secrecy for security. Eventually I hope to try an eliminate dependence on it from extensions too. And in an ideal case, eventually stop setting it in the installer (unless you have an edge case where a little more entropy for CryptRand could be useful; Or maybe not, I need to double check which case that was, but it might not even exist anymore with our version requirements).
I see people over and over asking for help and inadvertently handing that information which is supposed to remain secret right over in public.
Instead of trying to make the paths a secret just don't put that data inside of public /tmp directories. I recommend setting your git director config to false and in an extension setup function set it to some path based on the upload directory. This is basically what we used to do with $wgTmpDirectory which was used by CACHE_DBA.
-- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Getting slightly offtopic, but a world where people stop spamming us with $wgSecretKey would be nice ;)
However, you're still going to have $wgUpgradeKey, and $wgDBpass ... Perhaps it'd be cool to split LocalSettings.php into LocalSettings.php and PrivateSettings.php
I recommend setting your git director config to false and in an extension setup function set it to some path based on the upload directory
Given that the upload directory is web accessible (and many people don't even turn off php_engine in that directory [speaking of which, why don't we add that to the default .htaccess for that directory]), having arbitrary git checkouts in such a directory seems kind of scary too.
--bawolff