Just how dangerous could a mysql dump be in the wrong hands? I suppose they couldn't extract all one's Users' passwords, only cookies?
On Tue, Dec 18, 2007 at 01:29:15PM +0800, jidanni@jidanni.org wrote:
> Just how dangerous could a mysql dump be in the wrong hands? I suppose they couldn't extract all one's Users' passwords, only cookies?
Although passwords are not stored in cleartext, it would be possible to gather a lot of passwords using dictionary attacks.
Additionally, mysql dumps would contain email addresses and other private data.
Regards,
jens
"Jens Frank" jf@mormo.org wrote in message news:20071218061853.GA5859@mormo.org...
> On Tue, Dec 18, 2007 at 01:29:15PM +0800, jidanni@jidanni.org wrote:
>> Just how dangerous could a mysql dump be in the wrong hands? I suppose they couldn't extract all one's Users' passwords, only cookies?
> Although passwords are not stored in cleartext, it would be possible to gather a lot of passwords using dictionary attacks.
> Additionally, mysql dumps would contain email addresses and other private data.
And of course the full text of your wiki, which could contain confidential information (depending on what you use your wiki for).
- Mark Clements (HappyDog)
SB> What do you mean by "mysql dump"? Do you mean a copy of the entire
SB> database itself?
Yes.
OK, can folks please enhance
http://meta.wikimedia.org/wiki/Documentation:Security#If_the_mysql_database_...
http://meta.wikimedia.org/wiki/Documentation:Security#If_LocalSettings.php_h...
adding e.g., why one should change $wgProxyKey, etc.
On 12/18/07, jidanni@jidanni.org jidanni@jidanni.org wrote:
> Just how dangerous could a mysql dump be in the wrong hands? I suppose they couldn't extract all one's Users' passwords, only cookies?
IP Addresses, too, from the recentchanges and ipblocklist tables.
On Dec 18, 2007 4:29 PM, jidanni@jidanni.org wrote:
> Just how dangerous could a mysql dump be in the wrong hands? I suppose they couldn't extract all one's Users' passwords, only cookies?
What do you mean by "mysql dump"? Do you mean a copy of the entire database itself?
wikitech-l@lists.wikimedia.org