On ven, 2002-03-29 at 17:02, Jimmy Wales wrote:
> In the interests of security, I removed special_asksqp.php from the live server. I didn't change anything else, so the link still appears for is_sysop, but is an error page now.
Thanks, I feel much safer now. :) The other thing that worries me is the permanent delete; if I have time I'll try to throw in the beginnings of a semi-permanent delete function (remove from cur table; keep in old). Thus deleted articles could still be fished out of old and restored by someone else with is_sysop status once a suitable interface for doing such is also added.
That should protect against accidental deletions or abuse of sysop privileges.
A permanent delete is still needed for potential copyright violations and other illegal materials that we wouldn't want distributed in the database dumps; a "flush" of unlinked old revisions from time to time should do it.
> I think we should bring this function back, but...
> - Passwords should be encrypted in the database. In this way no
> one, not even me, can see them.
Most definitely.
> - This function should be an is_developer function, so that we can
> freely hand out sysops even to people who might not know SQL at all -- or, like me, know just enough to be dangerous. :-)
Would it be safe to limit use to "select" statements for non-is_developer folks, so the curious could still explore the database?
-- brion vibber (brion @ pobox.com)
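The two points raised in this exchange (store only a hash of each password, and whether a "select only" query tool is safe for non-developers), as an added example that is not part of the thread and not code from the Wikipedia software of the time. It uses Python with SQLite as a stand-in for the PHP/MySQL stack the live server ran; the table and column names (user, user_password, cur, cur_title) and the constructed rows are assumptions. The query gate uses a database-level authorizer rather than checking that the text begins with SELECT, because a prefix check lets a read of the password table through a subquery and says nothing about stacked statements.

```python
import hashlib
import secrets
import sqlite3

# Constructed schema, standing in for the 2002 "user" and "cur" tables (assumption).
SCHEMA = """
CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT, user_password TEXT);
CREATE TABLE cur  (cur_id INTEGER PRIMARY KEY, cur_title TEXT, cur_text TEXT);
"""


def hash_password(password, salt=None, iterations=100_000):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<hash>'.

    Only this string is stored; the clear-text password never reaches the
    database, so nobody with table access (developer or sysop) can read it.
    """
    if salt is None:
        salt = secrets.token_hex(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${digest.hex()}"


def check_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    _algo, iterations, salt, _digest = stored.split("$")
    candidate = hash_password(password, salt, int(iterations))
    return secrets.compare_digest(candidate, stored)


def build_sample_db():
    """In-memory database with one constructed account and one constructed page."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO user (user_name, user_password) VALUES (?, ?)",
                 ("brion", hash_password("hunter2")))
    conn.execute("INSERT INTO cur (cur_title, cur_text) VALUES (?, ?)",
                 ("Main Page", "Welcome to the wiki."))
    conn.commit()
    return conn


def explorer_authorizer(action, arg1, arg2, dbname, trigger):
    """SQLite authorizer for the curious-sysop query tool.

    Consulted for every operation while a statement is compiled, so a
    forbidden read nested in a subquery is refused as readily as a top-level
    one. Reads of any table except `user` are allowed; every write, PRAGMA,
    ATTACH and schema change is refused.
    """
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:
        # arg1 is the table name being read.
        return sqlite3.SQLITE_DENY if arg1 == "user" else sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def open_explorer(conn):
    """Attach the read-only, no-user-table policy to a connection.

    In production this would be paired with a database account that only
    has SELECT grants; the authorizer is the SQLite stand-in for that.
    """
    conn.set_authorizer(explorer_authorizer)
    return conn


def run_query(conn, sql):
    """Run one statement for the explorer; return ('ok', rows) or ('denied', message).

    execute() compiles a single statement, so 'SELECT ...; DELETE ...' is
    rejected as well, independent of the authorizer.
    """
    try:
        return "ok", conn.execute(sql).fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return "denied", str(exc)


if __name__ == "__main__":
    db = open_explorer(build_sample_db())
    for query in (
        "SELECT cur_title FROM cur",
        "SELECT user_password FROM user",
        "SELECT cur_title FROM cur WHERE cur_id IN (SELECT user_id FROM user)",
        "DELETE FROM cur",
    ):
        print(query, "->", run_query(db, query))
```

The first query is the only one that returns rows; the other three are refused at compile time, which is the behaviour a "select statements only" rule needs but cannot get from inspecting the query text alone.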