On Sun, 2003-03-30 at 07:04, Tim Starling wrote:
Gee, the interesting things you find when browsing the Wikipedia codebase. Don't you people know what salt is? Nothing like reinventing a wheel to reinvent old bugs, is there? :)

Don't worry, I fixed it. What do I do with the rectified code (once I've read over it a couple more times)?

By all means, send it over.

Obviously we'd have to add a note explaining that everyone has to reset their password. Not everyone has an e-mail address attached to their account, so we'd need to add a web form for doing this. That obviously would require first validating the person with their current password with the current hashing code; so we'd probably need a marker to indicate that each user's password field is upgraded.

Of course, all our passwords are sent in cleartext over the internet anyway, so should never be assumed to be secure.

-- brion vibber (brion @ pobox.com)

Si.

And remember, on the first of January 2003, someone took over three sysops accounts on the French wiki, and indicated our passwords in clear to the three of us.

So...well...security...hum
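
The migration discussed in the thread above (validate against the current hashing code, then store a salted hash and mark the record as upgraded), sketched as an added example that is not code from the thread or from the Wikipedia codebase. It assumes the legacy scheme is an unsalted MD5 hex digest and uses PBKDF2 as the salted replacement; the record layout and all function names are hypothetical, and it performs the upgrade at login rather than through a separate reset form.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this sketch


def legacy_hash(password: str) -> str:
    # Assumed legacy scheme: unsalted MD5, so equal passwords give equal hashes.
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    # Per-user random salt plus a slow KDF.
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return digest.hex()


def verify_and_upgrade(user: dict, password: str) -> bool:
    """Check a login; on success, rewrite a legacy record in the salted format.

    user["scheme"] is the per-user marker: "legacy" or "pbkdf2".
    """
    if user["scheme"] == "pbkdf2":
        expected = salted_hash(password, bytes.fromhex(user["salt"]))
        return hmac.compare_digest(expected, user["hash"])

    # Legacy record: validate with the old hashing code first.
    if not hmac.compare_digest(legacy_hash(password), user["hash"]):
        return False  # wrong password: leave the record untouched

    # Password proven, so the plaintext is available to re-hash with a salt.
    salt = os.urandom(16)
    user.update(scheme="pbkdf2", salt=salt.hex(), hash=salted_hash(password, salt))
    return True


if __name__ == "__main__":
    # Constructed sample records: two users who chose the same password.
    users = {
        name: {"scheme": "legacy", "salt": "", "hash": legacy_hash("hunter2")}
        for name in ("alice", "bob")
    }
    print("legacy hashes equal:", users["alice"]["hash"] == users["bob"]["hash"])
    for name, record in users.items():
        print(name, "login ok:", verify_and_upgrade(record, "hunter2"))
    print("upgraded hashes equal:", users["alice"]["hash"] == users["bob"]["hash"])
```

Accounts that never log in again stay on the legacy scheme, so the marker also tells an administrator which records still need a forced reset.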