--- Brion Vibber brion@pobox.com wrote:
On Sun, 2003-03-30 at 07:04, Tim Starling wrote:
Gee, the interesting things you find when browsing the Wikipedia codebase.
Don't you people know what salt is?
Nothing like reinventing a wheel to reinvent old bugs, is there? :)
Don't worry, I fixed it. What do I do with the rectified code (once I've read over it a couple more times)?
By all means, send it over.
Obviously we'd have to add a note explaining that everyone has to reset their password. Not everyone has an e-mail address attached to their account, so we'd need to add a web form for doing this. That obviously would require first validating the person with their current password with the current hashing code; so we'd probably need a marker to indicate that each user's password field is upgraded.
Of course, all our passwords are sent in cleartext over the internet anyway, so should never be assumed to be secure.
-- brion vibber (brion @ pobox.com)
Si. And remember, on the first of January 2003, someone took over three sysops accounts on the French wiki, and indicated our passwords in clear to the three of us. So...well...security...hum
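
Added example, not part of the thread or of the Wikipedia codebase: a sketch of the upgrade path described above, where the current password is first validated with the old hashing code and a per-user marker records that the stored hash is now salted. The record fields, the unsalted MD5 stand-in for the old scheme, and the PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def legacy_hash(password: str) -> str:
    # Assumed stand-in for the old scheme: a fast, unsalted digest.
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    # Per-user random salt plus a slow key-derivation function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS).hex()


def check_password(user: dict, password: str) -> bool:
    """Verify against whichever scheme the per-user marker says is stored."""
    if user["upgraded"]:
        candidate = salted_hash(password, bytes.fromhex(user["salt"]))
    else:
        candidate = legacy_hash(password)
    return hmac.compare_digest(candidate, user["pw_hash"])


def upgrade_password(user: dict, current_password: str) -> bool:
    """Re-hash with a fresh salt, but only after the old hash validates."""
    if not check_password(user, current_password):
        return False  # wrong password: leave the stored record untouched
    if not user["upgraded"]:
        salt = os.urandom(16)
        user.update(pw_hash=salted_hash(current_password, salt),
                    salt=salt.hex(), upgraded=True)
    return True


def make_legacy_user(name: str, password: str) -> dict:
    # Constructed sample row, not a real schema.
    return {"name": name, "pw_hash": legacy_hash(password), "salt": "", "upgraded": False}


if __name__ == "__main__":
    alice = make_legacy_user("alice", "hunter2")
    bob = make_legacy_user("bob", "hunter2")
    print("same legacy hash:", alice["pw_hash"] == bob["pw_hash"])
    upgrade_password(alice, "hunter2")
    upgrade_password(bob, "hunter2")
    print("same salted hash:", alice["pw_hash"] == bob["pw_hash"])
```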