On Fri, 2002-03-29 at 17:02, Jimmy Wales wrote:
> In the interests of security, I removed special_asksqp.php from the
> live server. I didn't change anything else, so the link still appears
> for is_sysop, but is an error page now.
Thanks, I feel much safer now. :) The other thing that worries me is the
permanent delete; if I have time I'll try to throw in the beginnings of
a semi-permanent delete function (remove from cur table; keep in old).
Thus deleted articles could still be fished out of old and restored by
someone else with is_sysop status once a suitable interface for doing
such is also added.
That should protect against accidental deletions or abuse of sysop
privileges.
A permanent delete is still needed for potential copyright violations
and other illegal materials that we wouldn't want distributed in the
database dumps; a "flush" of unlinked old revisions from time to time
should do it.
> I think we should bring this function back, but...
> 1. Passwords should be encrypted in the database. In this way no
> one, not even me, can see them.
Most definitely.
> 2. This function should be an is_developer function, so that we can
> freely hand out sysops even to people who might not know SQL at all --
> or, like me, know just enough to be dangerous. :-)
Would it be safe to limit use to "select" statements for
non-is_developer folks, so the curious could still explore the database?
-- brion vibber (brion @ pobox.com)
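The semi-permanent delete, sysop restore and periodic "flush" sketched in the reply above, as an added example that is not code from the wiki software or from anyone in this thread; the cur/old schema and its column names are constructed assumptions, not the real 2002 tables.

```python
import sqlite3

# Constructed two-table layout modelled on the cur/old split in the message:
# cur holds the live revision of each page, old holds every superseded one.
SCHEMA = """
CREATE TABLE cur (cur_id INTEGER PRIMARY KEY, cur_title TEXT UNIQUE, cur_text TEXT);
CREATE TABLE old (old_id INTEGER PRIMARY KEY, old_title TEXT, old_text TEXT);
"""


def open_db():
    """In-memory database with the constructed schema."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def soft_delete(db, title):
    """Semi-permanent delete: move the live revision from cur into old.

    The page disappears from the wiki but its text survives in old, so a
    mistaken or abusive deletion can be undone by another sysop."""
    row = db.execute("SELECT cur_title, cur_text FROM cur WHERE cur_title = ?",
                     (title,)).fetchone()
    if row is None:
        return False
    with db:  # one transaction: either both statements apply or neither does
        db.execute("INSERT INTO old (old_title, old_text) VALUES (?, ?)", row)
        db.execute("DELETE FROM cur WHERE cur_title = ?", (title,))
    return True


def restore(db, title):
    """Fish the newest old revision of a deleted page back into cur."""
    if db.execute("SELECT 1 FROM cur WHERE cur_title = ?", (title,)).fetchone():
        return False  # page is live, nothing to restore
    row = db.execute("SELECT old_title, old_text FROM old WHERE old_title = ? "
                     "ORDER BY old_id DESC LIMIT 1", (title,)).fetchone()
    if row is None:
        return False  # already flushed, or never existed
    with db:
        db.execute("INSERT INTO cur (cur_title, cur_text) VALUES (?, ?)", row)
    return True


def flush_unlinked(db):
    """Permanent delete: purge old revisions with no live cur page.

    This is the occasional flush that keeps copyright violations and other
    unwanted material out of the database dumps. Returns rows removed."""
    with db:
        cur = db.execute("DELETE FROM old WHERE old_title NOT IN "
                         "(SELECT cur_title FROM cur)")
    return cur.rowcount
```

Until a flush runs, a deleted page is recoverable by any sysop with restore(); after it, the text is gone for good.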