You know, the current structure of how one sets up MediaWiki is just begging for trouble security wise,
"You should probably change your database password, since you just posted it for the world to see." http://www.mediawiki.org/w/index.php?title=Manual_talk:Preventing_access#Dosn.27t_seem_to_work I mean I can't think of hardly any other components here on my Linux system that encourages one to toss passwords right into the same file with the rest of ones settings. It's like we're still at day one when the program was first baked. Indeed there is even /etc/shadow etc. Yes, the idea is there are two levels of security for /etc files... That way when we send one in for repairs, we don't have to worry if our house keys are still in it somewhere, usually. Yes the user could easily include() the passwords from a separate file, and indeed I remember there was an Adim*.php. However putting the passwords in a separate file should be the default way mediawiki sets up, not something the user must do especially. _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
