[Mediawiki-l] You should probably change your database password, since you just posted it for the world to see.

jidanni at jidanni.org jidanni at jidanni.org
Mon May 23 16:20:03 UTC 2011


You know, the current structure of how one sets up MediaWiki is just
begging for trouble security-wise,

"You should probably change your database password, since you just posted it for the world to see."
http://www.mediawiki.org/w/index.php?title=Manual_talk:Preventing_access#Dosn.27t_seem_to_work

I mean I can't think of hardly any other components here on my Linux
system that encourage one to toss passwords right into the same file
with the rest of one's settings. It's like we're still at day one when
the program was first baked.

Indeed there is even /etc/shadow etc.
Yes, the idea is there are two levels of security for /etc files...
That way when we send one in for repairs, we don't have to worry if our
house keys are still in it somewhere, usually.

Yes, the user could easily include() the passwords from a separate file,
and indeed I remember there was an Admin*.php.

However, putting the passwords in a separate file should be the default
way MediaWiki sets up, not something the user must do especially.
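
The separate-file include() mentioned in the message above, as an added example that is not part of the original post or of MediaWiki: a shell function that moves credential lines out of LocalSettings.php into an owner-only file and leaves a `require_once` in their place. The function name, the file paths and the choice of `$wgDBuser`, `$wgDBpassword` and `$wgSecretKey` as the settings to move are assumptions, as is one assignment per line.

```shell
#!/bin/sh
# Added example, not MediaWiki code. Usage:
#   split_secrets /var/www/wiki/LocalSettings.php /etc/mediawiki/secrets.php
# Assumes each setting is a single-line assignment and that the secrets
# path is absolute and outside the web root (both paths are illustrative).
split_secrets() {
    settings=$1
    secrets=$2
    [ -f "$settings" ] || { echo "no such file: $settings" >&2; return 1; }
    [ ! -e "$secrets" ] || { echo "refusing to overwrite $secrets" >&2; return 1; }
    # The path is written into a single-quoted PHP string below.
    case $secrets in *"'"*) echo "quote in secrets path" >&2; return 1 ;; esac

    tmp=$(mktemp "$settings.XXXXXX") || return 1
    rc=0
    (
        umask 077   # the secrets file is created owner-only (0600)
        awk -v sec="$secrets" '
            BEGIN { print "<?php" > sec }
            # Credential settings move to the secrets file; the first one
            # found is replaced in place by a require_once of that file.
            /^[ \t]*[$](wgDBuser|wgDBpassword|wgSecretKey)[ \t]*=/ {
                print > sec
                if (!n++) print "require_once \047" sec "\047;"
                next
            }
            { print }
            END { exit (n ? 0 : 3) }   # 3: nothing to move
        ' "$settings" > "$tmp"
    ) || rc=$?

    if [ "$rc" -ne 0 ]; then
        rm -f "$tmp" "$secrets"
        return "$rc"
    fi
    # Overwrite in place so LocalSettings.php keeps its owner and mode.
    cat "$tmp" > "$settings" && rm -f "$tmp"
}
```

The secrets file ends up readable only by whoever ran the function, so run it as, or chown the result to, the account PHP executes under. LocalSettings.php can then be pasted into a talk page without carrying the database password with it.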


