On 11-05-23 09:20 AM, [email protected] wrote: > You know, the current structure of how one sets up MediaWiki is just > begging for trouble security wise, > > "You should probably change your database password, since you just posted it > for the world to see." > http://www.mediawiki.org/w/index.php?title=Manual_talk:Preventing_access#Dosn.27t_seem_to_work > > I mean I can't think of hardly any other components here on my Linux > system that encourages one to toss passwords right into the same file > with the rest of ones settings. It's like we're still at day one when > the program was first baked. - WordPress, Drupal, OSCommerce, etc... basically every php, perl, etc... web software. - php, if you configure mysql globally using defaults - Postfix mysql integration - Nagios and other server monitoring; For when storing things in the database, and when you need to interact with a mysql server to monitor stats, etc... (unless you go and add a user that doesn't require a password; just don't tell me that's a valid solution based on the fact there is no password in the config *rolls eyes*) - PowerDNS' database storage - Puppet, if you use storeconfigs with anything other than SQLite - Apache, if you want to use MySQL based logging or auth - Sphinx
Is this what the term 'Fallacy' would refer to? Indeed there is even /etc/shadow etc. > Yes, the idea is there are two levels of security for /etc files... > That way when we send one in for repairs, we don't have to worry if our > house keys are still in it somewhere, usually. > > Yes the user could easily include() the passwords from a separate file, > and indeed I remember there was an Adim*.php. > > However putting the passwords in a separate file should be the default > way mediawiki sets up, not something the user must do especially. I leave this rhetoric to Domas' reply. -- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name] _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
