Yes! I suggested that we have a separate 'is_developer' status. I
assume that in addition to the problem you mentioned, people could
also issue destructive commands easily enough.

I suspect that even with is_developer, we should also do something
about the password problem. I don't think there is any good reason to
store the passwords in plaintext.

Well, there's one -- it's nice to be able to email someone their
password if they forget it. But a better (more secure) solution is to
email them a *new* password if they forget their *old* one.

The way this should work is this:

1. If you forget your password, you can just enter your email address
   on the site.
2. A new password is randomly selected and mailed to your email
   address. At this juncture, though, *either* password should work,
   both the old and the new. (This prevents a denial-of-service pest
   from locking you out by requesting your password every 5 minutes,
   thus causing your old one not to work.)
3. If you log in with your new password, it replaces your real
   password. Or else you are prompted to select a new password at that
   point.
4. If you never log in with the new password, nothing else needs to
   happen. Your old one will still work.

In any event, ALL of these passwords should be stored encrypted.

-------------
The key is to protect against people being annoying, while also giving
some degree of security.

Wikipedia passwords aren't so precious -- but still, a certain level
of security makes good sense. It isn't so much a concern about people
"breaking into your Wikipedia account" -- in the old days, the whole
notion of an "account" was a total fiction anyway. It's more the concern
raised by Lee -- people shouldn't, but they do, reuse passwords for both
sensitive and nonsensitive things.

As for me, you can now use my password from the Wikipedia database to see all
sorts of things requiring free registration all over the web. :-)
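
The four-step reset flow described in the message above, as an added Python sketch that is not part of the original message or of the Wikipedia code base. Assumptions: "stored encrypted" is implemented here as salted PBKDF2 hashes rather than reversible encryption, a repeated request supersedes the previously mailed password, and the `Accounts` class, its `outbox` list (a stand-in for sending mail) and all field names are hypothetical.

```python
import hashlib, hmac, os, secrets

ITERATIONS = 100_000  # assumed work factor for this sketch

def _hash(password, salt=None):
    """Return (salt, digest); the plaintext itself is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def _matches(password, stored):
    if stored is None:
        return False
    salt, digest = stored
    return hmac.compare_digest(_hash(password, salt)[1], digest)

class Accounts:
    def __init__(self):
        self.users = {}   # email -> {"current": hash, "pending": hash or None}
        self.outbox = []  # (email, new_password) pairs that would be mailed

    def register(self, email, password):
        self.users[email] = {"current": _hash(password), "pending": None}

    def request_reset(self, email):
        """Steps 1-2: mail a random password; the old one keeps working."""
        user = self.users.get(email)
        if user is None:
            return
        new_password = secrets.token_urlsafe(12)
        user["pending"] = _hash(new_password)  # supersedes any earlier pending one
        self.outbox.append((email, new_password))

    def login(self, email, password):
        user = self.users.get(email)
        if user is None:
            return False
        if _matches(password, user["current"]):
            return True  # step 4: old password still valid, nothing else changes
        if _matches(password, user["pending"]):
            # Step 3: first login with the mailed password promotes it.
            user["current"], user["pending"] = user["pending"], None
            return True
        return False
```

Because a reset request only ever writes the pending slot, repeated requests by a third party cannot invalidate the password the account owner already knows.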