>> I personally have bad experience with people storing passwords in
>> plain text. Technically it might not be an issue (after all I think
>> the wiki doesn't need passwords at all) but it is certainly one of
>> those warning
> Thanks as ever for your input, but your argumentation is quite
> While you stress the rather cosmetic issue of whether passwords are
> stored (non)encrypted in the db, you suggest using no passwords at all
> for the wiki.
> This is a very bad idea. If you take a closer look at the wiki, you
> see that it uses a role/permission system. We have admin users who can
> do anything, and member users with limited rights. As anybody in the
> world who finds his way to this wiki can automatically become a
> member, he could easily obtain administrative rights if there were no
> passwords, with the result that he could completely manipulate all
> data, including the editing history.
It is consistent. My point is that there is no need for password in the
case of the wiki (see the Ward's Wiki; and if you can change history in
your wiki then your revisioning is likely broken by desing in such
scenario). However, as you insist on using the passwords, I'm
suggesting doing it a bit better then storing them in plain text.
> But here we were talking about storing plain text passwords in a
> protected database, which would get compromised only if the whole
> database got into evil hands, which in turn has to be avoided for more
> important reasons than just the passwords (in the general case).
The database is protected only until it becomes unprotected,
e.g. somebody untrusted gets hold of it. This is not a time-traveling
scenario, these things happen.