Brion Vibber wrote:
Well, those are the problems you get if you take the easy way. First of all, you save the passwords in clear text in the db? *running to the source* found md5 *wipe* But no salt. Only the hash! *shiver*. I see the urgent reason to get new user accounts and passwords.
Suggestions on improving security are always welcome...
Something like $hash = md5( $userid . $passwort ); I think that's a common way for md5 passwords.
Mainly because that would be strange and inconsistent. :) We need single-name ability to prevent name-snatching. For instance, someone other than Aoineko signed up the Aoineko name on meta.wikipedia.org in order to slyly misattribute posts under his name.
Oh, well this was only intended to be a solution for old users. I possibly forgot to write this.
Make a list of uids and names of all wikis with the wiki name. Block all the used names for a while (any idea about removing/timing accounts out in mind?) and every old user can 'promote' an old uid to a new uid with the right password, or add it to the 'alternate names list', or possibly remove the old name from the blocking list with the right password, of course.
That will be a script totally outside normal wiki pages, because after some months you can throw it in the virtual paper basket ;)
But, of course we can start although a run to the new names ;) Smurf
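
The effect of the md5( $userid . $passwort ) suggestion in the mail above, as an added PHP example that is not part of the original mail and not MediaWiki's code: it compares the unsalted scheme with the user-id-salted one for two accounts sharing a password. The function names, the row layout and the re-hash-at-login step are assumptions, and the sample accounts are constructed.

```php
<?php
// Added illustration; helper names, row layout and accounts are constructed.

// Scheme found in the source: bare MD5, no salt.
function legacyHash(string $password): string {
    return md5($password);
}

// Scheme suggested in the mail: md5( $userid . $password ).
function saltedHash(int $userId, string $password): string {
    return md5($userId . $password);
}

// Assumed migration step: verify against whichever scheme the row uses and
// re-hash a legacy row while the plaintext is available at login.
function verifyAndUpgrade(array &$user, string $password): bool {
    $expected = $user['scheme'] === 'salted'
        ? saltedHash($user['id'], $password)
        : legacyHash($password);
    if (!hash_equals($user['hash'], $expected)) {
        return false;
    }
    if ($user['scheme'] !== 'salted') {
        $user['hash'] = saltedHash($user['id'], $password);
        $user['scheme'] = 'salted';
    }
    return true;
}

// Constructed accounts: two users who picked the same password.
$alice = ['id' => 17, 'scheme' => 'legacy', 'hash' => legacyHash('correct horse')];
$bob   = ['id' => 42, 'scheme' => 'legacy', 'hash' => legacyHash('correct horse')];

// Unsalted: equal hashes reveal the shared password, and one precomputed
// table entry covers both rows.
var_dump($alice['hash'] === $bob['hash']);

// A wrong password leaves the legacy row as it was; a correct one upgrades it.
var_dump(verifyAndUpgrade($alice, 'wrong guess'));
var_dump(verifyAndUpgrade($alice, 'correct horse'));
var_dump(verifyAndUpgrade($bob, 'correct horse'));

// Salted with the user id: same password, different stored hashes.
var_dump($alice['hash'] === $bob['hash']);

// Edge case of plain concatenation: id 1 + "2abc" and id 12 + "abc" feed MD5
// the same string, so a delimiter between id and password avoids the overlap.
var_dump(saltedHash(1, '2abc') === saltedHash(12, 'abc'));
```

MD5 stays here only because it is the scheme under discussion; PHP's built-in password_hash() and password_verify() generate a per-password salt and use a deliberately slow algorithm.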